GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-16 11:42:52
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD1600JS-55NCB1 rev.10.02E01
Running: gt01pwlo.exe; Driver: C:\DOCUME~1\Firma\USTAWI~1\Temp\kxlciaoc.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwAddBootEntry [0xA8B14724]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA76DF7BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xA76EB3DE]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwConnectPort [0xA8B15D04]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xA76EAB32]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA76DFBAC]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwCreateThread [0xA8B13CF4]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeleteBootEntry [0xA8B147A8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeleteFile [0xA8B14F16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xA76EB26A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xA76EB172]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwDeviceIoControlFile [0xA8B13DC8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xA76EA686]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA76DF89E]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwFsControlFile [0xA8B14EB6]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwImpersonateClientOfPort [0xA8B14E72]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwImpersonateThread [0xA8B14E24]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwLoadDriver [0xA8B15608]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwMapViewOfSection [0xA8B1515C]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwModifyBootEntry [0xA8B14766]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xA76EAC78]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xA76EA58A]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwOpenSection [0xA8B15712]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xA76EA608]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA76DFA1E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xA76EADA8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwQueueApcThread [0xA8B1418A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA76EB338]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwReplaceKey [0xA8B148F4]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwRequestWaitReplyPort [0xA8B16C24]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xA76EACEA]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSecureConnectPort [0xA8B15E08]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetBootOptions [0xA8B147EA]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetContextThread [0xA8B141FE]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetInformationFile [0xA8B14F7A]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSetSystemInformation [0xA8B14044]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xA76EAFA6]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwShutdownSystem [0xA8B146D2]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwSystemDebugControl [0xA8B14280]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xA76DFAE8]
SSDT \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter) ZwTerminateThread [0xA8B21C63]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xA76DF954]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CB8 80504544 12 Bytes [A8, 47, B1, A8, 16, 4F, B1, ...] {TEST AL, 0x47; MOV CL, 0xa8; PUSH SS; DEC EDI; MOV CL, 0xa8; PUSH -0x4e; OUTSB ; CMPSD }
.text ntkrnlpa.exe!ZwCallbackReturn + 2EF4 80504780 4 Bytes JMP 94A76EAC
.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047A0 8 Bytes JMP FEA8B147
.text ntkrnlpa.exe!ZwCallbackReturn + 2FC8 80504854 8 Bytes CALL E3F7B653
.Shltr1 C:\Program Files\SpyShelter Personal Free\SpyShelter.sys entry point in ".Shltr1" section [0xA8B4D018]
.text win32k.sys!EngAcquireSemaphore + 2640 BF8089B4 5 Bytes JMP A8B09850 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP A8B0B2E0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngFreeUserMem + 5500 BF80EE6B 5 Bytes JMP A8B09A76 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP A8B07882 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP A8B075D2 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngPaint + DD2 BF82D92E 5 Bytes JMP A8B08516 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngLockSurface + E45 BF834964 5 Bytes JMP A8B09756 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP A8B08020 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP A8B07806 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP A8B085CE \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP A8B0903A \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP A8B07428 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP A8B074E2 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP A8B07106 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP A8B08188 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP A8B09164 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP A8B086B0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateDeviceSurface + 27CF BF88B39D 5 Bytes JMP A8B128CE \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngGetCurrentCodePage + 77BB BF89415A 5 Bytes JMP A8B08A30 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP A8B08944 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngGradientFill + 511F BF8B3D3D 5 Bytes JMP A8B098B6 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP A8B0767E \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP A8B07EFA \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP A8B07BC8 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP A8B078EA \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP A8B07D18 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP A8B08ACC \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngCreateClip + 4910 BF91558E 5 Bytes JMP A8B07258 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)
.text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP A8B080F0 \??\C:\Program Files\SpyShelter Personal Free\SpyShelter.sys (SpyShelter Driver/SpyShelter)

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 27, 00]
.text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28]
.text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 27, 00]
.text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane
aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90FCFC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 27, 00] .text 
C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90FD6D .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90FE9B .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 27, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 002901F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 002903FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 006B1014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 006B0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 006B0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 006B0C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 
77E27161 5 Bytes JMP 006B0E10 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 006B01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 006B03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 006B0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006C0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 006C0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006C0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006C01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006C03FC .text C:\Documents and Settings\Firma\Moje dokumenty\Downloads\gt01pwlo.exe[668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Moje dokumenty\Downloads\gt01pwlo.exe[668] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 39, 00] {SUB [EAX], AL; CMP [EAX], EAX} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 39, 00] {SUB [EBX], AL; CMP [EAX], EAX} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 39, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 39, 00] {TEST AL, 0x1; CMP [EAX], EAX} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910EFC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 39, 00] {TEST AL, 0x2; CMP [EAX], EAX} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 39, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 39, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B910F6D .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 39, 00] {TEST AL, 0x0; CMP [EAX], EAX} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91109B .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 39, 00] {SUB [ECX], AL; CMP [EAX], EAX} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 39, 00] {SUB [EDX], AL; CMP [EAX], EAX} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 39, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 007D1014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 007D0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 007D0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 007D0C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 007D0E10 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 007D01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 007D03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 007D0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 007E0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 007E0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 007E0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] 
USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007E01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1000] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007E03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B912AFC .text C:\Documents and Settings\Firma\Ustawienia 
lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B912B6D .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] 
ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912C9B .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 005701F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 005703FC .text 
C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00851014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00850804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00850A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00850C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00850E10 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008501F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008503FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00850600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00860804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00860A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00860600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008601F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1464] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008603FC .text C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 10027000 C:\Program Files\SpyShelter Personal Free\klhelper.dll .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 3A, 00] {SUB [EAX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 3A, 00] {SUB [EBX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 3A, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 3A, 00] {TEST AL, 0x1; CMP AL, [EAX]} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910FFC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 3A, 00] {TEST AL, 0x2; CMP AL, [EAX]} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 3A, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 3A, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91106D .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 3A, 00] {TEST AL, 0x0; CMP AL, [EAX]} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91119B .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 3A, 00] {SUB [ECX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 3A, 00] {SUB [EDX], AL; CMP AL, [EAX]} .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 3A, 00] .text 
C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 007E1014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 007E0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 007E0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 007E0C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 007E0E10 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 007E01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 007E03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 007E0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 007F0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 007F0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 007F0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007F01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007F03FC .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2052] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2052] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B912AFC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenThread + B 7C90D64B 1 
Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B912B6D .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912C9B .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 55, 00] .text C:\Documents and 
Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 55, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 005701F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 005703FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00851014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00850804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00850A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00850C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00850E10 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008501F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008503FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00850600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00860804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00860A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00860600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008601F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2904] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008603FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtCreateFile + 
B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90FAFC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90FB6D .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90FC9B .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] 
ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 25, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 002701F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 002703FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00681014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00680804 .text C:\Documents and 
Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00680A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00680C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00680E10 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 006801F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 006803FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00680600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00690804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00690A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00690600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006901F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006903FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EBFC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 
16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90EC6D .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90ED9B .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001801F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001803FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] 
ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 005A1014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 005A0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 005A0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 005A0C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 005A0E10 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005A01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005A03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 005A0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005B0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 005B0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005B0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005B01F8 
.text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005B03FC .text C:\Program Files\FreeCommander\FreeCommander.exe[2992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\FreeCommander\FreeCommander.exe[2992] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Documents 
and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Firma\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3896] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[1344] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00700002 IAT C:\WINDOWS\system32\services.exe[1344] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00700000 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 01018DB0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 01018D60 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ 
C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01014BF0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01015CC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 01017AB0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01016360 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01015FA0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 010170B0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 01018AC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 01018B00 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 01018E40 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 01018970 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 01017A10 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01016940 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 01016230 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01016680 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 010193C0 IAT 
C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 01017400 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 01017870 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 01017F70 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 01017CC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 01017EF0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 01018430 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 01018120 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01016100 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 010167F0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 01018B80 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 01017E40 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 010179B0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 01017830 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 01017BC0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ 
C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 01018E60 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 01017C00 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 01019100 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 010190A0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 010192F0 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 01019390 IAT C:\Program Files\SpyShelter Personal Free\SpyShelter.exe[1736] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 010191C0 IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2052] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device Ntfs.sys (NT File System Driver/Microsoft Corporation) AttachedDevice aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----