GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-05 22:46:45
Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9160314AS rev.0002SDM1 149,05GB
Running: duz4p8qq.exe; Driver: C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\fwadikoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xAA1457E6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xAA144D92]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xAA14544C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xAA14602A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xAA147BEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xAA147F6C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xAA14477E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xAA1459D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xAA145BDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xAA144584]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xAA1467F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xAA146A4E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xAA147620]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xAA14505A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xAA145628]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xAA14601A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xAA1441B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xAA1452F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xAA1443B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xAA146C5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xAA1470B0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xAA146E6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xAA146590]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xAA145E38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xAA14790C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xAA1462F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xAA144FC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xAA1451E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xAA144B94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xAA144982]

---- Kernel code sections - GMER 2.1 ----

? qbvyn.sys Nie można odnaleźć określonego pliku. !
? inspect.sys Nie można odnaleźć określonego pliku. !
? System32\DRIVERS\cmderd.sys System nie może odnaleźć określonej ścieżki. !
? System32\DRIVERS\cmdguard.sys System nie może odnaleźć określonej ścieżki. !
? System32\DRIVERS\cmdhlp.sys System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[204] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[356] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00C5D080 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [35, 84]
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00C6BB80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00C6B860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C67DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00C5D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C64F30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C65AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00C63A60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00C64390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00C68BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00C68990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00C69CC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Plus Internet\Plus Internet.exe[424] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00C69BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\wscntfy.exe[644] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wscntfy.exe[644] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 00F8D080 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [68, 84]
.text C:\Program Files\Tlen.pl\tlen.exe[656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 00F9BB80 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 00F9B860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00F97DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00F8D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F94F30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F95AC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00F98BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00F98990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00F99CC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00F99BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] advapi32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 00F93A60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Tlen.pl\tlen.exe[656] advapi32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 00F94390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\System32\alg.exe[972] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[972] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\csrss.exe[992] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll
.text C:\WINDOWS\system32\csrss.exe[992] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1064] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\lsass.exe[1076] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1076] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1224] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1280] rpcss.dll!WhichService 76A64234 8 Bytes JMP ED501001
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1320] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00530250 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1320] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00549CD0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1348] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1512] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1656] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[1704] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 20, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 23, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 20, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 21, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91723A
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 22, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 21, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 22, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9172AB
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 20, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9173D9
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 21, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 22, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 23, 9C, 00]
.text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1720] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95}
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes
JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1724] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\spoolsv.exe[1892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\spoolsv.exe[1892] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] 
kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\svchost.exe[1972] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia 
lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B913A1A .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B913A8B .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913BB9 .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\Właściciel\Ustawienia 
lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 64, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2304] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\system32\ctfmon.exe[3100] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\system32\ctfmon.exe[3100] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 10, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 13, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 10, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 11, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912D2A .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 12, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 11, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 12, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912D9B .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 10, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912EC9 .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 11, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 12, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 13, 57, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3232] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91A5A2 .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91A613 .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91A741 .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia 
lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, CF, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3672] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ED0E .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED7F .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane 
aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EEAD .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, 16, 00] .text C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3888] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\Explorer.EXE[3892] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\Explorer.EXE[3892] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\Explorer.EXE[3892] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\RTHDCPL.EXE[4064] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text 
C:\WINDOWS\RTHDCPL.EXE[4064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\RTHDCPL.EXE[4064] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffff95} .text C:\WINDOWS\SOUNDMAN.EXE[4076] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] GDI32.dll!GetPixel 
77F1B74C 5 Bytes JMP 10028990 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] ADVAPI32.dll!CreateProcessAsUserW 77DDA8A9 5 Bytes JMP 10023A60 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\SOUNDMAN.EXE[4076] ADVAPI32.dll!CreateProcessAsUserA 77E00CE8 5 Bytes JMP 10024390 C:\WINDOWS\system32\guard32.dll ---- Devices - GMER 2.1 ---- AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys ---- Processes - GMER 2.1 ---- Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [204] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [356] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Plus Internet\Plus Internet.exe [424] 0x00C40000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\wscntfy.exe [644] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Tlen.pl\tlen.exe [656] 0x00F70000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [972] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1020] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1064] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1076] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1224] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden 
*** ) @ C:\WINDOWS\system32\svchost.exe [1280] 0x10000000 Library C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x00400000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x10000000 Library C:\Program Files\COMODO\COMODO Internet Security\Framework.dll (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x01010000 Library C:\Program Files\COMODO\COMODO Internet Security\platform.dll (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x01F80000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\common.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x01FD0000 Library C:\Program Files\COMODO\COMODO Internet Security\signmgr.dll (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x02380000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\fileid.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x025C0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\pkann.dll (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x02600000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\mach32.dll (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x02680000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\dosmz.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03000000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\pe32.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03040000 Library C:\Program Files\COMODO\COMODO Internet 
Security\scanners\pe.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03080000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\script.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x030E0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\heur.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03150000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\white.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03190000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\mem.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x031D0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\unpack.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03210000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\dunpack.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03480000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\unarch.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03500000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\gunpack.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x035D0000 Library C:\Program Files\COMODO\COMODO Internet Security\scanners\extra.cav (*** hidden *** ) @ C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [1320] 0x03620000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1348] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1512] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ 
C:\WINDOWS\system32\svchost.exe [1656] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\wbem\wmiapsrv.exe [1704] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1724] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1892] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1972] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [3100] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [3892] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\RTHDCPL.EXE [4064] 0x10000000 Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\SOUNDMAN.EXE [4076] 0x10000000 ---- Files - GMER 2.1 ---- File C:\Documents and Settings\Właściciel\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Local State~RF551494.TMP 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\0194428C-1571-4A9C-8910-4D3860A70F70.data.info 176 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\9551D3C6-B7C6-4EBA-9123-95611A030352.data.info 204 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0733038-9E98-47F8-92AD-1478F8D49A7C.data 997768 bytes executable File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\A0733038-9E98-47F8-92AD-1478F8D49A7C.data.info 286 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_END_USER_v15806.cav 139878610 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15807.cav 2159925 bytes File C:\Program 
Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15808.cav 2149619 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15809.cav 2141909 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15810.cav 2134259 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15811.cav 2132581 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15812.cav 2115562 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15813.cav 2110690 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15814.cav 2103655 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15815.cav 2098199 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15816.cav 2099066 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15817.cav 2098748 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15818.cav 2098455 bytes File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_UPD_END_USER_v15819.cav 1196032 bytes ---- EOF - GMER 2.1 ----