GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-23 20:22:35 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\00000068 WDC_WD3200AAKX-001CA0 rev.15.01H15 298,09GB Running: 2pdmms7p.exe; Driver: C:\DOCUME~1\JA\USTAWI~1\Temp\ufxdakoc.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAB6C7644] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAB7A3668] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xAB6C80D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAB70B386] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAB6D389A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAB6D38E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAB6D3A80] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAB70AD3A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAB6D3808] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAB6D392A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAB6D3850] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xAB6C85D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAB6D3A3A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xAB6C8E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAB6C76AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAB70BA4C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAB70BD02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAB6CC6AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAB70B8B7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAB70B722] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAB7A3730] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAB6C7292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAB6C7710] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAB6CCA76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAB6C991C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAB6D38C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAB6D3908] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAB6D3AA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAB70B096] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAB6D382E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAB6CBF92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAB6D39B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAB6D3878] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAB6CC384] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAB6D3A5E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAB7A3890] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAB70B59D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAB6C97E8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAB70B3EF] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xAB6C933E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAB7B07BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAB70A380] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAB6C7776] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAB6C77DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xAB6C8D06] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAB6C732C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAB6C7502] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAB70BB53] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAB6C7490] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xAB6C9056] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xAB6C91B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAB6C758A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xAB6C8B44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xAB6C8CE6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xAB7A1CB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAB6C7842] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xAB6C8132] INT 0x63 ? 8A647CC8 INT 0x83 ? 8A7C5CC8 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAB7BCE80] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047FC 4 Bytes CALL E4FBB498 .text ntkrnlpa.exe!ZwCallbackReturn + 2FD4 805048BC 12 Bytes [76, 77, 6C, AB, DC, 77, 6C, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 307C 80504964 12 Bytes [56, 90, 6C, AB, B8, 91, 6C, ...] {PUSH ESI; NOP ; INS BYTE [ES:EDI], DX; STOSD ; MOV EAX, 0x8aab6c91; JNZ 0x77; STOSD } PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64DC 4 Bytes CALL AB6C9FC9 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC58A 5 Bytes JMP AB7B9D1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C300E 5 Bytes JMP AB7BB834 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D11CA 7 Bytes JMP AB7BCE84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB9F8D346] .text USBPORT.SYS!DllUnload B8D608AC 5 Bytes JMP 8A6471D8 .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB870C000, 0x1A5044, 0xE8000020] ? C:\WINDOWS\System32\Drivers\aoouqky3.SYS suspicious PE modification .text win32k.sys!EngFreeUserMem + 674 BF80996D 5 Bytes JMP AB6CE36E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C8C9 5 Bytes JMP AB6CE24C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF81398B 5 Bytes JMP AB6CE200 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E638 5 Bytes JMP AB6CCCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 197D BF820D45 5 Bytes JMP AB6CD7D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPaint + 11A6 BF82D55F 5 Bytes JMP AB6CCE3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLockSurface + C09 BF82E6DD 5 Bytes JMP AB6CE4E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + 2E84 BF83906A 5 Bytes JMP AB6CE6FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + B8EE BF841AD4 5 Bytes JMP AB6CE0F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + E0AA BF844290 5 Bytes JMP AB6CD7B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_bEnum + F626 BF84580C 5 Bytes JMP AB6CCEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 290F BF86F4AE 5 Bytes JMP AB6CD8AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4BED BF87178C 5 Bytes JMP AB6CD316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 4C78 BF871817 5 Bytes JMP AB6CD5F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 584E BF8723ED 5 Bytes JMP AB6CCBC2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + AC2C BF8777CB 5 Bytes JMP AB6CE29C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnicodeToMultiByteN + 67E3 BF87E9EA 5 Bytes JMP AB6CE426 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 35E9 BF897CBE 5 Bytes JMP AB6CD3DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4126 BF8987FB 5 Bytes JMP AB6CD5AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8B58E1 5 Bytes JMP AB6CD8CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 2862 BF8B8FFF 5 Bytes JMP AB6CE656 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 35C2 BF8C1C2F 3 Bytes JMP AB6CD00E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 35C6 BF8C1C33 1 Byte [EB] .text win32k.sys!EngDeleteSemaphore + A58F BF8EB1A7 5 Bytes JMP AB6CD7F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8EFC68 5 Bytes JMP AB6CCAAC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3BBE BF8F1E37 5 Bytes JMP AB6CD0F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 3E3E BF8F20B7 5 Bytes JMP AB6CD23A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A3E BF914770 5 Bytes JMP AB6CCDC6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1CEA BF914A1C 5 Bytes JMP AB6CD976 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2612 BF915344 5 Bytes JMP AB6CCFA6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F93 BF917CC5 5 Bytes JMP AB6CD712 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1943 BF9480DA 5 Bytes JMP AB6CE5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA8998300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xBA378300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\RTHDCPL.EXE[204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\RTHDCPL.EXE[204] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[240] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[268] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[272] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[272] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[428] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[452] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[512] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Multimedia mobilNET\OnlineUpdate\ouc.exe[636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Multimedia mobilNET\OnlineUpdate\ouc.exe[636] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\NCLAUNCH.EXe[640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\NCLAUNCH.EXe[640] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[664] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[696] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[740] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[924] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1444] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1468] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1896] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1896] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\srvany.exe[1944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\srvany.exe[1944] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1972] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\KMService.exe[1988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\KMService.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004D0804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004D0A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004D0600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004D01F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2020] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004D03FC .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe[2608] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe[2996] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3008] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004E0804 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004E0A08 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004E0600 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004E01F8 .text C:\Documents and Settings\JA\Moje dokumenty\Downloads\2pdmms7p.exe[3100] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004E03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00031014 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00030804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00030A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00030C0C .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00030E10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 000301F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 000303FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00030600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00490804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00490A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00490600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004901F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004903FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, C4, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, C7, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, C4, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, C5, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9127DE .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, C6, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, C5, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, C6, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91284F .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, C4, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91297D .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, C5, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, C6, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, C7, 51, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008001F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 008003FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00811014 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00810804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00810A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00810C0C .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00810E10 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008101F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008103FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00810600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00820804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00820A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00820600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008201F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008203FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 70, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 73, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 70, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 71, 62, 00] {TEST AL, 0x71; BOUND EAX, [EAX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91388A .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 72, 62, 00] {TEST AL, 0x72; BOUND EAX, [EAX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 71, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 72, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B9138FB .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 70, 62, 00] {TEST AL, 0x70; BOUND EAX, [EAX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913A29 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 71, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 72, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 73, 62, 00] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009101F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009103FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00921014 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00920804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00920A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00920C0C .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00920E10 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009201F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009203FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00920600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00930804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00930A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00930600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009301F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009303FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, F4, 02, 01] {SUB AH, DH; ADD AL, [ECX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, F7, 02, 01] {SUB BH, DH; ADD AL, [ECX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, F4, 02, 01] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, F5, 02, 01] {TEST AL, 0xf5; ADD AL, [ECX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91D90E .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, F6, 02, 01] {TEST AL, 0xf6; ADD AL, [ECX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, F5, 02, 01] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, F6, 02, 01] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91D97F .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, F4, 02, 01] {TEST AL, 0xf4; ADD AL, [ECX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91DAAD .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, F5, 02, 01] {SUB CH, DH; ADD AL, [ECX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, F6, 02, 01] {SUB DH, DH; ADD AL, [ECX]} .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, F7, 02, 01] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013101F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 013103FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01321014 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01320804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01320A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01320C0C .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01320E10 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 013201F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 013203FC .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01320600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01330804 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01330A08 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01330600 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013301F8 .text C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013303FC ---- Kernel IAT/EAT - GMER 2.1 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E93232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E92730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E92F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E92730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E92914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E92856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E930F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E92F12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[336] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002 IAT C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C90790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3760] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00650010 IAT C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00760010 IAT C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4032] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 01160010 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8A7C41F8 Device \FileSystem\Fastfat \FatCdrom 88FE1430 AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBPDO-0 8A6261F8 Device \Driver\usbehci \Device\USBPDO-1 8A6491F8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Cdrom \Device\CdRom0 8A6631F8 Device \Driver\atapi \Device\Ide\IdePort0 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B9E22B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\nvata \Device\00000068 8A7C51F8 Device \Driver\nvata \Device\00000069 8A7C51F8 Device \Driver\usbstor \Device\00000076 8A3A3430 Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3B5430 Device \Driver\usbstor \Device\00000079 8A3A3430 Device \Driver\NetBT \Device\NetbiosSmb 8A3B5430 Device \Driver\PCI_PNP9788 \Device\0000004c sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP9788 \Device\0000004c sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\NetBT \Device\NetBT_Tcpip_{A96AE413-9242-446A-A014-BAD4FF7A7744} 8A3B5430 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBFDO-0 8A6261F8 Device \Driver\usbstor \Device\0000007a 8A3A3430 Device \Driver\usbehci \Device\USBFDO-1 8A6491F8 Device \Driver\nvata \Device\NvAta0 8A7C51F8 Device \Driver\usbstor \Device\0000007b 8A3A3430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8907E1F8 Device \Driver\usbstor \Device\0000007c 8A3A3430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8907E1F8 Device \Driver\aoouqky3 \Device\Scsi\aoouqky31 8A5181F8 Device \FileSystem\Fastfat \Fat 88FE1430 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 88F8A430 ---- Trace I/O - GMER 2.1 ---- Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7c51f8]<< 8a7c51f8 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6d2030] 8a6d2030 Trace 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8a719538] 8a719538 Trace 5 ACPI.sys[b9e67620] -> nt!IofCallDriver -> \Device\00000068[0x8a719650] 8a719650 Trace \Driver\nvata[0x8a71a3d8] -> IRP_MJ_CREATE -> 0x8a7c51f8 8a7c51f8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x1C 0xE7 0x83 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE7 0x49 0xE5 0x33 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x52 0x49 0x4F 0xEC ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x56 0x9F 0x8E 0x31 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x1C 0xE7 0x83 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0xF1 0xFB 0x56 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAD 0x48 0x1B 0x63 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0x7F 0xA2 0xCA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4C 0x1C 0xE7 0x83 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x0B 0xF1 0xFB 0x56 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAD 0x48 0x1B 0x63 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x18 0x7F 0xA2 0xCA ... ---- Files - GMER 2.1 ---- File C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000c7c 913408 bytes File C:\Documents and Settings\JA\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Cache\f_000c7d 237568 bytes ---- EOF - GMER 2.1 ----