GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-01-19 16:32:21 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.13.0 Running: tv3izmzb.exe; Driver: C:\DOCUME~1\Weronika\USTAWI~1\Temp\agrirfob.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Protection driver/Panda Security, S.L.) ZwTerminateProcess [0xA663373A] SSDT \??\C:\WINDOWS\system32\PavSRK.sys ZwWriteVirtualMemory [0xA64E6C30] ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\PavTPK.sys Nie można odnaleźć określonego pliku. ! ? C:\WINDOWS\system32\PavSRK.sys Nie można odnaleźć określonego pliku. ! ? system32\drivers\av5flt.sys System nie może odnaleźć określonej ścieżki. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ole32.dll!CoCreateInstanceEx 774EF164 6 Bytes JMP 5F880F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ole32.dll!CoGetClassObject 77505205 6 Bytes JMP 5F850F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\Documents and Settings\Weronika\Moje dokumenty\Downloads\tv3izmzb.exe[448] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\LEXBCES.EXE[460] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[500] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\LEXPPS.EXE[616] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Java\jre6\bin\jqs.exe[668] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FAF0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA00F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [AA, 5F] {STOSB ; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FAC0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA30F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [98, 5F] {CWDE ; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB20F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FA60F5A .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI} .text C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe[808] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F9D0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [65, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [86, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [68, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [89, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [6B, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [71, 5F] {JNO 0x61} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [74, 5F] {JZ 0x61} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [77, 5F] {JA 0x61} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [9E, 5F] {SAHF ; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [8C, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [7A, 5F] {JP 0x61} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [8F, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [9B, 5F] {WAIT ; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 5F] {XCHG EDX, EAX; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [80, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [83, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [98, 5F] {CWDE ; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F520F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F5B0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F550F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [62, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F580F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F310F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F430F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F460F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F490F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F340F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F400F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F4C0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F4F0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F250F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F280F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F2B0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [2F, 5F] {DAS ; POP EDI} .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F370F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F3A0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F3D0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FD60F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5FB50F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FC70F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5FB20F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [D1, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FD30F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FC10F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5FB80F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FCA0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5FAF0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [BF, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FD90F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5FAC0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FCD0F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [BC, 5F] .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FC40F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ole32.dll!CoCreateInstanceEx 774EF164 6 Bytes JMP 5FA90F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ole32.dll!CoGetClassObject 77505205 6 Bytes JMP 5FA60F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5FA30F5A .text C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[812] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5FA00F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ole32.dll!CoCreateInstanceEx 774EF164 6 Bytes JMP 5F880F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ole32.dll!CoGetClassObject 77505205 6 Bytes JMP 5F850F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5FC70F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5FC10F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5FD90F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5FBB0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!send 71A54C27 6 Bytes JMP 5FC40F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5FCD0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5FBE0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5FD30F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5FD00F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5FD60F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1276] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5FCA0F5A .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\WINDOWS\Explorer.EXE[1448] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FAF0F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA00F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [AA, 5F] {STOSB ; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FAC0F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA30F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [98, 5F] {CWDE ; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB20F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FA60F5A .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI} .text C:\WINDOWS\Explorer.EXE[1448] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F9D0F5A .text C:\WINDOWS\Explorer.EXE[1448] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\WINDOWS\Explorer.EXE[1448] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5FC10F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5FBB0F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5FD30F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5FB50F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!send 71A54C27 6 Bytes JMP 5FBE0F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5FC70F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5FB80F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5FCD0F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5FCA0F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5FD00F5A .text C:\WINDOWS\Explorer.EXE[1448] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5FC40F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [65, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [86, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [68, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [89, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [6B, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [71, 5F] {JNO 0x61} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [74, 5F] {JZ 0x61} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [77, 5F] {JA 0x61} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [9E, 5F] {SAHF ; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [8C, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [7A, 5F] {JP 0x61} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [8F, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [9B, 5F] {WAIT ; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 5F] {XCHG EDX, EAX; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [80, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [83, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [98, 5F] {CWDE ; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F520F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F5B0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F550F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [62, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F580F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F310F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F430F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F460F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F490F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F340F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F400F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F4C0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F4F0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F250F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F280F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F2B0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [2F, 5F] {DAS ; POP EDI} .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F370F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F3A0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F3D0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FD60F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5FB50F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FC70F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5FB20F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [D1, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FD30F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FC10F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5FB80F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FCA0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5FAF0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [BF, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FD90F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5FAC0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FCD0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [BC, 5F] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FC40F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ole32.dll!CoCreateInstanceEx 774EF164 6 Bytes JMP 5FA90F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ole32.dll!CoGetClassObject 77505205 6 Bytes JMP 5FA60F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5FA30F5A .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\DCService.exe[1624] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5FA00F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[2184] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[2520] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FAF0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA00F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [AA, 5F] {STOSB ; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FAC0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA30F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [98, 5F] {CWDE ; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB20F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FA60F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI} .text C:\WINDOWS\system32\ctfmon.exe[2820] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F9D0F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\WINDOWS\system32\ctfmon.exe[2820] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI} .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ole32.dll!CoCreateInstanceEx 774EF164 6 Bytes JMP 5F880F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ole32.dll!CoGetClassObject 77505205 6 Bytes JMP 5F850F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5FC70F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5FC10F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5FD90F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5FBB0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!send 71A54C27 6 Bytes JMP 5FC40F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5FCD0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5FBE0F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5FD30F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5FD00F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5FD60F5A .text C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5FCA0F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!sendto 71A52F51 6 Bytes JMP 5F100F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!recvfrom 71A52FF7 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!closesocket 71A53E2B 6 Bytes JMP 5F220F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!connect 71A54A07 6 Bytes JMP 5F040F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!send 71A54C27 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!WSARecv 71A54CB5 6 Bytes JMP 5F160F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!recv 71A5676F 6 Bytes JMP 5F070F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!WSASend 71A568FA 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!WSARecvFrom 71A5F66A 6 Bytes JMP 5F190F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!WSASendTo 71A60AAD 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3064] WS2_32.dll!WSAConnect 71A60C81 6 Bytes JMP 5F130F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FB50F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F940F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA60F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F910F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [B0, 5F] {MOV AL, 0x5f} .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FB20F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5FA00F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F970F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA90F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F8E0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB80F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F8B0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FAC0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [9B, 5F] {WAIT ; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5FA30F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ole32.dll!CoCreateInstanceEx 774EF164 6 Bytes JMP 5F880F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ole32.dll!CoGetClassObject 77505205 6 Bytes JMP 5F850F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\Program Files\HP\HPBTWD.exe[3576] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FAF0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA00F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [AA, 5F] {STOSB ; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FAC0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA30F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [98, 5F] {CWDE ; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB20F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FA60F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI} .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F9D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [44, 5F] {INC ESP; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [65, 5F] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [47, 5F] {INC EDI; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [68, 5F] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [4A, 5F] {DEC EDX; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [4D, 5F] {DEC EBP; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [50, 5F] {PUSH EAX; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [53, 5F] {PUSH EBX; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [56, 5F] {PUSH ESI; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [7D, 5F] {JGE 0x61} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [6B, 5F] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [59, 5F] {POP ECX; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [5C, 5F] {POP ESP; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [6E, 5F] {OUTSB ; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtSetContextThread 7C90DBAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtSetContextThread + 4 7C90DBB2 2 Bytes [7A, 5F] {JP 0x61} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [71, 5F] {JNO 0x61} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [5F, 5F] {POP EDI; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [62, 5F] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [74, 5F] {JZ 0x61} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [77, 5F] {JA 0x61} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [3E, 5F] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [41, 5F] {INC ECX; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F370F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!DispatchMessageW 7E368A01 6 Bytes JMP 5FAF0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!TranslateMessage 7E368BF6 6 Bytes JMP 5F8E0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 5FA00F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!DispatchMessageA 7E3696B8 6 Bytes JMP 5F8B0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!CreateAcceleratorTableW 7E36D9BB 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!CreateAcceleratorTableW + 4 7E36D9BF 2 Bytes [AA, 5F] {STOSB ; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5FAC0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F9A0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F910F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 5FA30F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!BeginDeferWindowPos 7E37AFB9 6 Bytes JMP 5F880F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!GetKeyboardState 7E37D226 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!GetKeyboardState + 4 7E37D22A 2 Bytes [98, 5F] {CWDE ; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!SetClipboardData 7E380F9E 6 Bytes JMP 5FB20F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F850F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5FA60F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!AttachThreadInput 7E381E52 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!AttachThreadInput + 4 7E381E56 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F9D0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!CloseServiceHandle 77DD6CE5 6 Bytes JMP 5F100F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!OpenServiceW 77DD6FFD 6 Bytes JMP 5F220F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!StartServiceA 77DDFB58 6 Bytes JMP 5F250F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!StartServiceW 77DE3E94 6 Bytes JMP 5F280F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!ControlService 77DE4A09 6 Bytes JMP 5F130F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!OpenServiceA 77DE4C66 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!LsaAddAccountRights 77E0ABF1 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 6 Bytes JMP 5F040F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!ChangeServiceConfigW 77E27001 6 Bytes JMP 5F070F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 3 Bytes [FF, 25, 1E] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E2718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI} .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F160F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!CreateServiceW 77E273A9 6 Bytes JMP 5F190F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ADVAPI32.dll!DeleteService 77E274B1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ole32.dll!CLSIDFromProgID 77508332 6 Bytes JMP 5F820F5A .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3840] ole32.dll!CLSIDFromProgIDEx 7754626D 6 Bytes JMP 5F7F0F5A ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[344] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2104] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Documents and Settings\Weronika\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2328] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 ---- Devices - GMER 1.0.15 ---- Device ShlDrv51.sys (PandaShield driver/Panda Security, S.L.) Device Ntfs.sys (NT File System Driver/Microsoft Corporation) Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----