GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-20 14:13:04 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BEVE-00A0HT0 rev.11.01A11 74,53GB Running: utpuvurn.exe; Driver: C:\DOCUME~1\kitt\USTAWI~1\Temp\pxtdrpob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEEE5759C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEEF0B388] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xEEE5802E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEEE9B316] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEEE637F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEEE6383E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEEE639D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEEE9ACCA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEEE63760] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEEE63882] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEEE637A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xEEE5852C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEEE63992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xEEE58DE4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEEE57602] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEEE9B9DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEEE9BC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEEE5C5C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEEE9B847] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEEE9B6B2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEEF0B450] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEEE571EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEEE57668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEEE5C98C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEEE59874] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEEE6381C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEEE63860] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEEE639FC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEEE9B026] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEEE63786] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xEEE5BEA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEEE63910] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEEE637D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEEE5C29A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEEE639B6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEEF0B5B0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEEE9B52D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEEE59740] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEEE9B37F] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xEEE59296] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEEF184DA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEEE9A310] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEEE576CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEEE57734] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xEEE58C5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEEE57284] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEEE5745A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEEE9BAE3] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEEE573E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xEEE58FAE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xEEE59110] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEEE574E2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xEEE58A9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xEEE58C3E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xEEF099E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEEE5779A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xEEE5808A] INT 0x03 \WINDOWS\system32\ntoskrnl.exe[unknown section] 804D757B Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEEF24BA0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 4 Bytes JMP BBEEE571 .text ntoskrnl.exe!_abnormal_termination + 228 804E2894 8 Bytes [26, B0, E9, EE, 86, 37, E6, ...] {MOV AL, 0xe9; OUT DX, AL; XCHG [EDI], DH; OUT 0xee, AL} .text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [CE, 76, E5, EE, 34, 77, E5, ...] {INTO ; JBE 0xffffffe8; OUT DX, AL; XOR AL, 0x77; IN EAX, 0xee; POP ESI; MOV EBP, FS; OUT DX, AL} .text ntoskrnl.exe!_abnormal_termination + 430 804E2A9C 4 Bytes CALL 8A3D1014 .text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [AE, 8F, E5, EE, 10, 91, E5, ...] PAGE ntoskrnl.exe!ObInsertObject 805651BA 5 Bytes JMP EEF23554 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BC20 4 Bytes CALL EEE59F21 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 805830E4 7 Bytes JMP EEF24BA4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059EAEB 5 Bytes JMP EEF21A3A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF8099A8 5 Bytes JMP EEE5E284 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C904 5 Bytes JMP EEE5E162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8139C6 5 Bytes JMP EEE5E116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C618 5 Bytes JMP EEE5D6EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79C4 BF8241A4 5 Bytes JMP EEE5CD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828B0E 5 Bytes JMP EEE5E3FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831516 5 Bytes JMP EEE5E614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B6BA BF839F80 5 Bytes JMP EEE5E00A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + C2CB BF851843 5 Bytes JMP EEE5CBF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BD6A 5 Bytes JMP EEE5D7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3567 BF85E3BA 5 Bytes JMP EEE5D22C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 35F2 BF85E445 5 Bytes JMP EEE5D508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F6B6 5 Bytes JMP EEE5CAD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5466 BF864A94 5 Bytes JMP EEE5E1B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35EF BF87327E 5 Bytes JMP EEE5D2F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 412C BF873DBB 5 Bytes JMP EEE5D4C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890EAB 5 Bytes JMP EEE5D7E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF894455 5 Bytes JMP EEE5E33C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894F2D 5 Bytes JMP EEE5E56C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3862 BF89C2E6 5 Bytes JMP EEE5D6CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DF7 BF89D87B 5 Bytes JMP EEE5CDF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A99B BF8C1D2C 5 Bytes JMP EEE5CF24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + A5A0 BF8EB467 5 Bytes JMP EEE5D70A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFF28 5 Bytes JMP EEE5C9C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F20F7 5 Bytes JMP EEE5D008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F2377 5 Bytes JMP EEE5D150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A13 BF9145F9 5 Bytes JMP EEE5CCDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1CBF BF9148A5 5 Bytes JMP EEE5D88C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25E7 BF9151CD 5 Bytes JMP EEE5CEBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F68 BF917B4E 5 Bytes JMP EEE5D628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 193F BF947E1F 5 Bytes JMP EEE5E4BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\aksfridge.sys section is writeable [0xEE85A000, 0x47E35, 0xE0000020] .init C:\WINDOWS\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0xEE8AE224] .init C:\WINDOWS\system32\DRIVERS\aksfridge.sys unknown last code section [0xEE8AE000, 0x4000, 0xE20000E0] .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xEE7A1400, 0x6E6E2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xEE82B820] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xEE82B820] .protect˙˙˙˙hardlockunknown last code section [0xEE82B600, 0x512A, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xEE82B600, 0x512A, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 54, B6, 00] {SUB [ESI+ESI*4+0x0], DL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 57, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 54, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 55, B6, 00] {TEST AL, 0x55; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918C6E .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 56, B6, 00] {TEST AL, 0x56; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 55, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 56, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918CDF .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 54, B6, 00] {TEST AL, 0x54; MOV DH, 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918E0D .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 55, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 56, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 57, B6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00E503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00E61014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00E60804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00E60A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00E60C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00E60E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00E601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00E603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00E60600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E70804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00E70A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00E70600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00E701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[164] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00E703FC .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003501F8 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003503FC .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00361014 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00360804 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00360A08 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00360C0C .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00360E10 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003601F8 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003603FC .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00360600 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82] .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8 .text C:\Program Files\Microsoft SQL Server\MSSQL10_50.KNXETS4\MSSQL\Binn\sqlservr.exe[188] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Launch Manager\LaunchAp.exe[212] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Launch Manager\LaunchAp.exe[212] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Launch Manager\LaunchAp.exe[212] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Launch Manager\PowerKey.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Launch Manager\PowerKey.exe[380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Launch Manager\PowerKey.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Launch Manager\PowerKey.exe[380] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Launch Manager\PowerKey.exe[380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\Program Files\Launch Manager\PowerKey.exe[380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\Program Files\Launch Manager\PowerKey.exe[380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\Program Files\Launch Manager\PowerKey.exe[380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\Program Files\Launch Manager\PowerKey.exe[380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Launch Manager\PowerKey.exe[380] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Launch Manager\HotkeyApp.exe[412] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Launch Manager\CtrlVol.exe[424] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Launch Manager\CtrlVol.exe[424] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Launch Manager\CtrlVol.exe[424] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Launch Manager\Wbutton.exe[440] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Launch Manager\Wbutton.exe[440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Launch Manager\Wbutton.exe[440] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Launch Manager\Wbutton.exe[440] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\Program Files\Launch Manager\Wbutton.exe[440] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\Program Files\Launch Manager\Wbutton.exe[440] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Launch Manager\Wbutton.exe[440] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Launch Manager\Wbutton.exe[440] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Launch Manager\Wbutton.exe[440] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Launch Manager\Wbutton.exe[440] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\System32\smss.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003501F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003503FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00361014 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00360804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00360A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00360C0C .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00360E10 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003601F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003603FC .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00360600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8 .text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[500] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[572] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[596] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[596] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[640] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[824] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\ctfmon.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\ctfmon.exe[832] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\ctfmon.exe[832] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804 .text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08 .text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600 .text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8 .text C:\WINDOWS\system32\ctfmon.exe[832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC .text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 2C, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 2F, 87, 00] {SUB [EDI], CH; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 2C, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 2D, 87, 00] {TEST AL, 0x2d; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915D46 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 2E, 87, 00] {TEST AL, 0x2e; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 2D, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 2E, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915DB7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 2C, 87, 00] {TEST AL, 0x2c; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B915EE5 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 2D, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 2E, 87, 00] {SUB [ESI], CH; XCHG [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 2F, 87, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00B603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00B71014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00B70804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00B70A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00B70C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00B70E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00B701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00B703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00B70600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00B80804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00B80A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00B80600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00B801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1180] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00B803FC .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1384] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1600] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\hasplms.exe[1772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\hasplms.exe[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hasplms.exe[1772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\hasplms.exe[1772] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\hasplms.exe[1772] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\hasplms.exe[1772] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\hasplms.exe[1772] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\hasplms.exe[1772] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\hasplms.exe[1772] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\hasplms.exe[1772] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2228] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014 .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10 .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\svchost.exe[2228] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\svchost.exe[2228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00470804 .text C:\WINDOWS\system32\svchost.exe[2228] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00470A08 .text C:\WINDOWS\system32\svchost.exe[2228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00470600 .text C:\WINDOWS\system32\svchost.exe[2228] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004701F8 .text C:\WINDOWS\system32\svchost.exe[2228] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004703FC .text C:\WINDOWS\System32\alg.exe[2424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2424] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2424] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\System32\alg.exe[2424] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\System32\alg.exe[2424] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\System32\alg.exe[2424] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\System32\alg.exe[2424] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\System32\alg.exe[2424] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, AC, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, AF, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, AC, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, AD, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90ECC6 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, AE, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, AD, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, AE, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90ED37 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, AC, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EE65 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, AD, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, AE, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, AF, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003F03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005A1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005A0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 005A0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 005A0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 005A0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005A01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005A03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005A0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 005B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2552] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 88, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 8B, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 88, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 89, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9184A2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 8A, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 89, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 8A, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918513 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 88, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918641 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 89, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 8A, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 8B, AE, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00DD01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 00DD03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00DE1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00DE0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00DE0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00DE0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00DE0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00DE01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00DE03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00DE0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00DF0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00DF0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00DF0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00DF01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2988] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00DF03FC .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\Documents and Settings\kitt\Pulpit\diagnostyka\utpuvurn.exe[3216] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wuauclt.exe[3628] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wuauclt.exe[3628] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600 .text C:\WINDOWS\system32\wuauclt.exe[3628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00340804 .text C:\WINDOWS\system32\wuauclt.exe[3628] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00340A08 .text C:\WINDOWS\system32\wuauclt.exe[3628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00340600 .text C:\WINDOWS\system32\wuauclt.exe[3628] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003401F8 .text C:\WINDOWS\system32\wuauclt.exe[3628] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 34, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 37, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 34, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 35, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91AC4E .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 36, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 35, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 36, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91ACBF .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 34, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91ADED .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 35, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 36, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 37, D6, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 010501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 010503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01061014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01060804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01060A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01060C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01060E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010601F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010603FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01060600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01070804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01070A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01070600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010701F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010703FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3972] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\Google\Chrome\Application\chrome.exe[164] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CA0010 IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[640] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[640] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 009B0010 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8FC70] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2552] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00290010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[2988] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00C20010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3636] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00EA0010 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 mouclass.sys (Sterownik klasy myszy/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- EOF - GMER 2.1 ----