GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-02-13 00:28:33 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD1200BEVS-22UST0 rev.01.01A01 111,79GB Running: zszg85g1.exe; Driver: C:\DOCUME~1\karolina\USTAWI~1\Temp\uxndykow.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xA99BFE92] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwClose [0xA99C1530] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xA99BF0D8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateEvent [0xA99BE1AE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateEventPair [0xA99BE206] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xA99BFAC0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xA99C0AC6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateMutant [0xA99BE158] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreatePort [0xA99BE100] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xA99BF7DC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSemaphore [0xA99BE258] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xA99C2534] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xA99BEA82] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xA99C024C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xA99C04C2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xA99BE86C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xA99C1646] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xA99C185A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xA99C1F3A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xA99BF3B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwNotifyChangeKey [0xA99C2806] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwNotifyChangeMultipleKeys [0xA99C1404] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xA99BFCB8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xA99C09A8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xA99BE2B0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xA99BF664] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xA99BE5BC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xA99C19CC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xA99C1C80] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xA99C1AFE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xA99C10F2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetInformationProcess [0xA99C0086] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xA99C07CC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xA99C223A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xA99C0DE2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xA99BF326] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xA99BF550] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xA99BEEB8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xA99BEC86] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 23F0 80501C28 12 Bytes [AE, E1, 9B, A9, 06, E2, 9B, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 242C 80501C64 16 Bytes [DC, F7, 9B, A9, 58, E2, 9B, ...] {FDIVR ST7, ST0; WAIT ; TEST EAX, 0xa99be258; XOR AL, 0x25; PUSHF ; TEST EAX, 0xa99bea82} .text ntkrnlpa.exe!ZwCallbackReturn + 2474 80501CAC 4 Bytes CALL B13EC64C ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[176] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\wdfmgr.exe[176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\wdfmgr.exe[176] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wdfmgr.exe[176] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\wdfmgr.exe[176] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\system32\wdfmgr.exe[176] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\system32\wdfmgr.exe[176] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\wdfmgr.exe[176] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\wdfmgr.exe[176] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\wdfmgr.exe[176] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\wdfmgr.exe[176] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\wdfmgr.exe[176] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\wdfmgr.exe[176] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\wdfmgr.exe[176] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[240] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\Program Files\Linksys\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[268] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 5 Bytes JMP 100018F0 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\csrss.exe[596] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 5 Bytes JMP 10001D70 C:\WINDOWS\system32\cmdcsr.dll .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[668] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\services.exe[668] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\services.exe[668] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 6 Bytes JMP 719C000A .text C:\WINDOWS\system32\services.exe[668] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\services.exe[668] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\services.exe[668] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\services.exe[668] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\services.exe[668] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\services.exe[668] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7B, 71] {JNP 0x73} .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [78, 71] {JS 0x73} .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[680] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A2, 71] .text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AA0001 .text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\lsass.exe[680] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [99, 71] .text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\system32\lsass.exe[680] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\system32\lsass.exe[680] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 7188000A .text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7182000A .text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7185000A .text C:\WINDOWS\system32\lsass.exe[680] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 717F000A .text C:\WINDOWS\system32\lsass.exe[680] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718B000A .text C:\WINDOWS\system32\lsass.exe[680] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 718E000A .text C:\WINDOWS\system32\lsass.exe[680] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7194000A .text C:\WINDOWS\system32\lsass.exe[680] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7191000A .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[832] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[832] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 6 Bytes JMP 719C000A .text C:\WINDOWS\system32\svchost.exe[832] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[832] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[832] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[876] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 6 Bytes JMP 719C000A .text C:\WINDOWS\system32\svchost.exe[876] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\svchost.exe[876] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[876] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[876] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[876] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\svchost.exe[876] rpcss.dll!WhichService 76A63C84 8 Bytes [D0, 3B, 01, 10, 90, 39, 01, ...] .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[908] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00403580 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[908] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 004A2820 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[944] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 6 Bytes JMP 719C000A .text C:\WINDOWS\system32\svchost.exe[944] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\svchost.exe[944] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[944] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[944] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[944] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\Tablet\Pen\WTabletServiceCon.exe[1024] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [78, 71] {JS 0x73} .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [75, 71] {JNZ 0x73} .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1056] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A3, 71] .text C:\WINDOWS\System32\alg.exe[1056] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\System32\alg.exe[1056] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\System32\alg.exe[1056] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [96, 71] .text C:\WINDOWS\System32\alg.exe[1056] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 717F000A .text C:\WINDOWS\System32\alg.exe[1056] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7182000A .text C:\WINDOWS\System32\alg.exe[1056] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 717C000A .text C:\WINDOWS\System32\alg.exe[1056] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7188000A .text C:\WINDOWS\System32\alg.exe[1056] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 718B000A .text C:\WINDOWS\System32\alg.exe[1056] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7191000A .text C:\WINDOWS\System32\alg.exe[1056] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 718E000A .text C:\WINDOWS\System32\alg.exe[1056] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\System32\alg.exe[1056] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\System32\alg.exe[1056] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 7185000A .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1160] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1160] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\system32\svchost.exe[1160] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\system32\svchost.exe[1160] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[1160] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[1160] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1204] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[1204] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\system32\svchost.exe[1204] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\system32\svchost.exe[1204] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[1204] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[1204] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1252] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe[1448] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1508] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\spoolsv.exe[1508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\spoolsv.exe[1508] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\spoolsv.exe[1508] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\spoolsv.exe[1508] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\system32\spoolsv.exe[1508] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\system32\spoolsv.exe[1508] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\spoolsv.exe[1508] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\spoolsv.exe[1508] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\spoolsv.exe[1508] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\spoolsv.exe[1508] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\spoolsv.exe[1508] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\spoolsv.exe[1508] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\spoolsv.exe[1508] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7C, 71] {JL 0x73} .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [79, 71] {JNS 0x73} .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\HPZipm12.exe[1768] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A3, 71] .text C:\WINDOWS\system32\HPZipm12.exe[1768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\HPZipm12.exe[1768] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\HPZipm12.exe[1768] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9A, 71] .text C:\WINDOWS\system32\HPZipm12.exe[1768] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\system32\HPZipm12.exe[1768] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\system32\HPZipm12.exe[1768] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 7189000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7183000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7186000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7180000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718C000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 718F000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7195000A .text C:\WINDOWS\system32\HPZipm12.exe[1768] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7192000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\nsb6F3.tmpfs[1844] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\TP-LINK\COMMON\RaRegistry.exe[1876] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1892] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe[1916] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Documents and Settings\karolina\Dane aplikacji\VOPackage\JOSrv.exe[1968] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SUsrv.exe[1984] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, B2, 00] {ADC BYTE [EDI-0x4e], 0x0} .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, B2, 00] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2020] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\Real\RealPlayer\update\realsched.exe[2028] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2032] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[2032] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\system32\svchost.exe[2032] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\system32\svchost.exe[2032] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\svchost.exe[2032] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[2032] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\svchost.exe[2032] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[2032] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[2032] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[2032] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7E, 71] {JLE 0x73} .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7B, 71] {JNP 0x73} .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2136] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A5, 71] .text C:\WINDOWS\RTHDCPL.EXE[2136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AA0001 .text C:\WINDOWS\RTHDCPL.EXE[2136] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2136] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9C, 71] .text C:\WINDOWS\RTHDCPL.EXE[2136] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\RTHDCPL.EXE[2136] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\RTHDCPL.EXE[2136] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718B000A .text C:\WINDOWS\RTHDCPL.EXE[2136] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718E000A .text C:\WINDOWS\RTHDCPL.EXE[2136] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7191000A .text C:\WINDOWS\RTHDCPL.EXE[2136] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7197000A .text C:\WINDOWS\RTHDCPL.EXE[2136] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7194000A .text C:\WINDOWS\RTHDCPL.EXE[2136] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7185000A .text C:\WINDOWS\RTHDCPL.EXE[2136] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7188000A .text C:\WINDOWS\RTHDCPL.EXE[2136] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7182000A .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[2324] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00401210 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[2324] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 00401000 C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7C, 71] {JL 0x73} .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [79, 71] {JNS 0x73} .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A3, 71] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9A, 71] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 7189000A .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718C000A .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 718F000A .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7195000A .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7192000A .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7183000A .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7186000A .text C:\Documents and Settings\karolina\Ustawienia lokalne\Dane aplikacji\FluxSoftware\Flux\flux.exe[2388] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7180000A .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[2412] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\hkcmd.exe[2412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\hkcmd.exe[2412] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\hkcmd.exe[2412] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\hkcmd.exe[2412] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\hkcmd.exe[2412] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\hkcmd.exe[2412] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\hkcmd.exe[2412] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\hkcmd.exe[2412] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\hkcmd.exe[2412] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\hkcmd.exe[2412] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\hkcmd.exe[2412] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[2440] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\igfxpers.exe[2440] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\igfxpers.exe[2440] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxpers.exe[2440] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\igfxpers.exe[2440] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\igfxpers.exe[2440] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\igfxpers.exe[2440] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\igfxpers.exe[2440] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\igfxpers.exe[2440] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\igfxpers.exe[2440] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\igfxpers.exe[2440] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\igfxpers.exe[2440] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[2528] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\igfxsrvc.exe[2544] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\igfxsrvc.exe[2544] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\igfxsrvc.exe[2544] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2944] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\Program Files\Bamboo Dock\BambooCore.exe[3176] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [44, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtConnectPort 7C90D030 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtConnectPort + 4 7C90D034 2 Bytes [62, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateEvent 7C90D070 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateEvent + 4 7C90D074 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateEventPair 7C90D080 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateEventPair + 4 7C90D084 2 Bytes [74, 71] {JZ 0x73} .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [53, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateMutant 7C90D0F0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateMutant + 4 7C90D0F4 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateNamedPipeFile 7C90D100 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateNamedPipeFile + 4 7C90D104 2 Bytes [56, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreatePort 7C90D120 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreatePort + 4 7C90D124 2 Bytes [68, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [5C, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateSemaphore 7C90D170 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateSemaphore + 4 7C90D174 2 Bytes [6E, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateWaitablePort 7C90D1C0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtCreateWaitablePort + 4 7C90D1C4 2 Bytes [5F, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtFsControlFile 7C90D380 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtFsControlFile + 4 7C90D384 2 Bytes [4A, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenEvent 7C90D560 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenEvent + 4 7C90D564 2 Bytes [77, 71] {JA 0x73} .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenEventPair 7C90D570 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenEventPair + 4 7C90D574 2 Bytes [71, 71] {JNO 0x73} .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [50, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenMutant 7C90D5C0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenMutant + 4 7C90D5C4 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenSection 7C90D610 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenSection + 4 7C90D614 2 Bytes [59, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenSemaphore 7C90D620 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtOpenSemaphore + 4 7C90D624 2 Bytes [6B, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtQueryVirtualMemory 7C90D960 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtQueryVirtualMemory + 4 7C90D964 2 Bytes [4D, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtReplyPort 7C90DA60 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtReplyPort + 4 7C90DA64 2 Bytes [83, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [AD, 70] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [AA, 70] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtRequestWaitReplyPort 7C90DAC0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtRequestWaitReplyPort + 4 7C90DAC4 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtSecureConnectPort 7C90DB60 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtSecureConnectPort + 4 7C90DB64 2 Bytes [65, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtSetSystemTime 7C90DD60 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!NtSetSystemTime + 4 7C90DD64 2 Bytes [47, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [41, 71] .text C:\WINDOWS\system32\svchost.exe[3268] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[3268] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[3268] kernel32.dll!GetPrivateProfileStringW 7C80F9ED 6 Bytes JMP 71A8000A .text C:\WINDOWS\system32\svchost.exe[3268] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [DD, 70] .text C:\WINDOWS\system32\svchost.exe[3268] kernel32.dll!GetPrivateProfileStringA 7C832B6E 6 Bytes JMP 71A5000A .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 77DDFE8B 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!SetServiceStatus 77DE3231 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!StartServiceCtrlDispatcherW 77DE357D 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!StartServiceCtrlDispatcherW + 4 77DE3581 2 Bytes [9B, 71] .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 77DE3E29 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!RegisterServiceCtrlHandlerW 77DE3E57 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!RegisterServiceCtrlHandlerA 77DE4E96 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[3268] ADVAPI32.dll!StartServiceCtrlDispatcherA 77E27EB1 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[3268] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[3268] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetShellWindow 7E369252 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetShellWindow + 4 7E369256 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!UnregisterClassW 7E369AA4 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!RegisterClassW 7E36A39A 6 Bytes JMP 7139000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetClassInfoExA 7E36DD58 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetClassInfoExW 7E36DEBC 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!FindWindowExW 7E36E0E3 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!CreateDialogParamW 7E36EA3B 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!DialogBoxParamW 7E3747AB 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!RegisterClassExA 7E377C39 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!FindWindowA 7E3782E1 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!EnumDesktopWindows 7E37851A 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!UnregisterClassA 7E3789A3 6 Bytes JMP 712A000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetClassNameW 7E379D12 6 Bytes JMP 711B000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!EnumWindows 7E37A5AE 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!EnumChildWindows 7E37B0F0 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!FindWindowW 7E37C9C3 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7115000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7112000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetClassInfoW 7E37E81E 6 Bytes JMP 7121000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetClassNameA 7E37F45F 6 Bytes JMP 7118000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!EnumThreadWindows 7E37F539 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!DialogBoxIndirectParamW 7E382072 6 Bytes JMP 70BF000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!FindWindowExA 7E38214A 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!CreateDialogIndirectParamA 7E389B28 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!DialogBoxParamA 7E38B144 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!CreateDialogParamA 7E38C7DB 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!GetClassInfoA 7E38EBFF 6 Bytes JMP 711E000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!CreateDialogIndirectParamW 7E38F01F 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[3268] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 6 Bytes JMP 70BC000A .text C:\WINDOWS\system32\svchost.exe[3268] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[3268] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[3268] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[3268] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[3268] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 719F000A .text C:\WINDOWS\system32\svchost.exe[3268] SHELL32.dll!SHOpenFolderAndSelectItems 7CAC2B76 6 Bytes JMP 71AF000A .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3552] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\wscntfy.exe[3552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\wscntfy.exe[3552] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wscntfy.exe[3552] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\wscntfy.exe[3552] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\wscntfy.exe[3552] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\wscntfy.exe[3552] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\wscntfy.exe[3552] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\wscntfy.exe[3552] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\wscntfy.exe[3552] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\wscntfy.exe[3552] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\wscntfy.exe[3552] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3568] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\Explorer.EXE[3568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\Explorer.EXE[3568] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[3568] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\Explorer.EXE[3568] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\WINDOWS\Explorer.EXE[3568] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\WINDOWS\Explorer.EXE[3568] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\Explorer.EXE[3568] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\Explorer.EXE[3568] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\Explorer.EXE[3568] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\Explorer.EXE[3568] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\WINDOWS\Explorer.EXE[3568] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\Explorer.EXE[3568] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\Explorer.EXE[3568] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A5, 71] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AA0001 .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9C, 71] .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718B000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718E000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7191000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7197000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7194000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7185000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7188000A .text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3596] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7182000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\Tablet\Pen\WacomHost.exe[3604] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[3656] ntdll.dll!NtAllocateVirtualMemory 7C90CF50 5 Bytes JMP 00422D90 C:\Program Files\COMODO\COMODO Internet Security\cis.exe .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A5, 71] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AA0001 .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9C, 71] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 0A, 01] {ADC BYTE [EDI+0xa], 0x1} .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 0A, 01] .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718B000A .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718E000A .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7191000A .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7197000A .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7194000A .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7185000A .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7188000A .text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[3664] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7182000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A5, 71] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AA0001 .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9C, 71] .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718B000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718E000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7191000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7197000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7194000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7185000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7188000A .text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[3688] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7182000A .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [44, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtConnectPort 7C90D030 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtConnectPort + 4 7C90D034 2 Bytes [62, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateEvent 7C90D070 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateEvent + 4 7C90D074 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateEventPair 7C90D080 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateEventPair + 4 7C90D084 2 Bytes [74, 71] {JZ 0x73} .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [53, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateMutant 7C90D0F0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateMutant + 4 7C90D0F4 2 Bytes [80, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateNamedPipeFile 7C90D100 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateNamedPipeFile + 4 7C90D104 2 Bytes [56, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreatePort 7C90D120 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreatePort + 4 7C90D124 2 Bytes [68, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [5C, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateSemaphore 7C90D170 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateSemaphore + 4 7C90D174 2 Bytes [6E, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateWaitablePort 7C90D1C0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtCreateWaitablePort + 4 7C90D1C4 2 Bytes [5F, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtFsControlFile 7C90D380 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtFsControlFile + 4 7C90D384 2 Bytes [4A, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenEvent 7C90D560 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenEvent + 4 7C90D564 2 Bytes [77, 71] {JA 0x73} .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenEventPair 7C90D570 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenEventPair + 4 7C90D574 2 Bytes [71, 71] {JNO 0x73} .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenFile 7C90D580 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenFile + 4 7C90D584 2 Bytes [50, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenMutant 7C90D5C0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenMutant + 4 7C90D5C4 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenSection 7C90D610 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenSection + 4 7C90D614 2 Bytes [59, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenSemaphore 7C90D620 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtOpenSemaphore + 4 7C90D624 2 Bytes [6B, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtQueryVirtualMemory 7C90D960 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtQueryVirtualMemory + 4 7C90D964 2 Bytes [4D, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtReplyPort 7C90DA60 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtReplyPort + 4 7C90DA64 2 Bytes [83, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [AD, 70] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [AA, 70] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtRequestWaitReplyPort 7C90DAC0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtRequestWaitReplyPort + 4 7C90DAC4 2 Bytes [86, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtSecureConnectPort 7C90DB60 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtSecureConnectPort + 4 7C90DB64 2 Bytes [65, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtSetSystemTime 7C90DD60 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!NtSetSystemTime + 4 7C90DD64 2 Bytes [47, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [41, 71] .text C:\WINDOWS\system32\svchost.exe[4008] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 70E4000A .text C:\WINDOWS\system32\svchost.exe[4008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\svchost.exe[4008] kernel32.dll!GetPrivateProfileStringW 7C80F9ED 6 Bytes JMP 71A8000A .text C:\WINDOWS\system32\svchost.exe[4008] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [DD, 70] .text C:\WINDOWS\system32\svchost.exe[4008] kernel32.dll!GetPrivateProfileStringA 7C832B6E 6 Bytes JMP 71A5000A .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!RegisterServiceCtrlHandlerExA 77DDFE8B 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!SetServiceStatus 77DE3231 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!StartServiceCtrlDispatcherW 77DE357D 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!StartServiceCtrlDispatcherW + 4 77DE3581 2 Bytes [9B, 71] .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!RegisterServiceCtrlHandlerExW 77DE3E29 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!RegisterServiceCtrlHandlerW 77DE3E57 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!RegisterServiceCtrlHandlerA 77DE4E96 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\svchost.exe[4008] ADVAPI32.dll!StartServiceCtrlDispatcherA 77E27EB1 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\svchost.exe[4008] RPCRT4.dll!RpcServerRegisterIfEx 77E8E05B 6 Bytes JMP 70DB000A .text C:\WINDOWS\system32\svchost.exe[4008] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 70CC000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetShellWindow 7E369252 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetShellWindow + 4 7E369256 2 Bytes [A1, 71] .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!UnregisterClassW 7E369AA4 6 Bytes JMP 712D000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!RegisterClassW 7E36A39A 6 Bytes JMP 7139000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!RegisterClassExW 7E36AF7F 6 Bytes JMP 7133000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetClassInfoExA 7E36DD58 6 Bytes JMP 7124000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetClassInfoExW 7E36DEBC 6 Bytes JMP 7127000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!FindWindowExW 7E36E0E3 6 Bytes JMP 70FD000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!CreateDialogParamW 7E36EA3B 6 Bytes JMP 710C000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!DialogBoxParamW 7E3747AB 6 Bytes JMP 7106000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!DialogBoxIndirectParamAorW 7E3749D0 6 Bytes JMP 7100000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!CreateDialogIndirectParamAorW 7E37680B 6 Bytes JMP 710F000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!RegisterClassExA 7E377C39 6 Bytes JMP 7130000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 70B4000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!FindWindowA 7E3782E1 6 Bytes JMP 70F4000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!EnumDesktopWindows 7E37851A 6 Bytes JMP 70E8000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!UnregisterClassA 7E3789A3 6 Bytes JMP 712A000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetClassNameW 7E379D12 6 Bytes JMP 711B000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!EnumWindows 7E37A5AE 6 Bytes JMP 70F1000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!EnumChildWindows 7E37B0F0 6 Bytes JMP 70EB000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!FindWindowW 7E37C9C3 6 Bytes JMP 70F7000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!CreateWindowExW 7E37D0A3 6 Bytes JMP 7115000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!CreateWindowExA 7E37E4A9 6 Bytes JMP 7112000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetClassInfoW 7E37E81E 6 Bytes JMP 7121000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!RegisterClassA 7E37EA5E 6 Bytes JMP 7136000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetClassNameA 7E37F45F 6 Bytes JMP 7118000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!EnumThreadWindows 7E37F539 6 Bytes JMP 70EE000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 70B7000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 70B1000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!DialogBoxIndirectParamW 7E382072 6 Bytes JMP 70BF000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!FindWindowExA 7E38214A 6 Bytes JMP 70FA000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!CreateDialogIndirectParamA 7E389B28 6 Bytes JMP 70C4000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!DialogBoxParamA 7E38B144 6 Bytes JMP 7103000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!CreateDialogParamA 7E38C7DB 6 Bytes JMP 7109000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!GetClassInfoA 7E38EBFF 6 Bytes JMP 711E000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!CreateDialogIndirectParamW 7E38F01F 6 Bytes JMP 70C7000A .text C:\WINDOWS\system32\svchost.exe[4008] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 6 Bytes JMP 70BC000A .text C:\WINDOWS\system32\svchost.exe[4008] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 70CF000A .text C:\WINDOWS\system32\svchost.exe[4008] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 70D2000A .text C:\WINDOWS\system32\svchost.exe[4008] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 70D8000A .text C:\WINDOWS\system32\svchost.exe[4008] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 70D5000A .text C:\WINDOWS\system32\svchost.exe[4008] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 719F000A .text C:\WINDOWS\system32\svchost.exe[4008] SHELL32.dll!SHOpenFolderAndSelectItems 7CAC2B76 6 Bytes JMP 71AF000A .text C:\WINDOWS\system32\svchost.exe[4008] rpcss.dll!WhichService 76A63C84 8 Bytes [D0, 3B, 01, 10, 90, 39, 01, ...] .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[4028] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\ctfmon.exe[4028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\ctfmon.exe[4028] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[4028] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\WINDOWS\system32\ctfmon.exe[4028] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\ctfmon.exe[4028] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\ctfmon.exe[4028] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\ctfmon.exe[4028] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\ctfmon.exe[4028] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\ctfmon.exe[4028] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\ctfmon.exe[4028] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\WINDOWS\system32\ctfmon.exe[4028] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\SoftwareUpdater.exe[4292] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Documents and Settings\karolina\Dane aplikacji\SoftwareUpdater\UpdateNotifier.exe[4308] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [7D, 71] {JGE 0x73} .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7A, 71] {JP 0x73} .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[4348] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\WINDOWS\system32\taskmgr.exe[4348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\WINDOWS\system32\taskmgr.exe[4348] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\taskmgr.exe[4348] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9B, 71] .text C:\WINDOWS\system32\taskmgr.exe[4348] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718A000A .text C:\WINDOWS\system32\taskmgr.exe[4348] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 718D000A .text C:\WINDOWS\system32\taskmgr.exe[4348] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7190000A .text C:\WINDOWS\system32\taskmgr.exe[4348] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7196000A .text C:\WINDOWS\system32\taskmgr.exe[4348] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7193000A .text C:\WINDOWS\system32\taskmgr.exe[4348] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7184000A .text C:\WINDOWS\system32\taskmgr.exe[4348] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 7187000A .text C:\WINDOWS\system32\taskmgr.exe[4348] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7181000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Documents and Settings\karolina\Pulpit\zszg85g1.exe[5420] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [AE, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtCreateFile 7C90D090 5 Bytes JMP 01C59AE0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtFlushBuffersFile 7C90D310 5 Bytes JMP 01C3C434 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtQueryFullAttributesFile 7C90D790 5 Bytes JMP 01C3C150 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 01C3C330 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtReadFileScatter 7C90D9C0 5 Bytes JMP 0265F60F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtReplyWaitReceivePort 7C90DA70 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA74 2 Bytes [80, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA80 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DA84 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 01C5A9F0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!NtWriteFileGather 7C90DF70 5 Bytes JMP 0265F5BE C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009C1F42 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!LdrUnloadDll 7C91736B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ntdll.dll!LdrUnloadDll + 4 7C91736F 2 Bytes [A7, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AC0001 .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 02584AC3 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 02584AA0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [9E, 71] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 01C563D0 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 7187000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] USER32.dll!GetWindowInfo 7E37C49C 5 Bytes JMP 0247B991 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 718A000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 7184000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 7190000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 02584A21 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] GDI32.dll!GetPixel 77F1B74C 6 Bytes JMP 7193000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 7199000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 7196000A .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ADVAPI32.dll!LsaClose + 508 77DD23EC 4 Bytes [80, 57, 01, 10] {ADC BYTE [EDI+0x1], 0x10} .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] ADVAPI32.dll!LsaClose + 510 77DD23F4 4 Bytes [10, 58, 01, 10] .text C:\Program Files\Mozilla Firefox\firefox.exe[6060] Secur32.dll!EncryptMessage 77FEA5FB 6 Bytes JMP 718D000A ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\cmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA1 0x02 0x91 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x27 0xEF 0x96 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD2 0xCB 0x0D 0x6B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x7F 0x9C 0xA5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x08 0x24 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xEE 0x22 0x50 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x61 0xA1 0x02 0x91 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xC5 0x27 0xEF 0x96 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xD2 0xCB 0x0D 0x6B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x44 0x7F 0x9C 0xA5 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x87 0x08 0x24 0x5D ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x97 0xEE 0x22 0x50 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet001\Services\MRxDAV\EncryptedDirectories@ Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\VritualRoot\MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----