Proszę o pomoc czy jest tu jakiś robal ...mam czarny ekran

**Posty:** 3 · przez **AdBr** 22 Lut 2012, 15:25

Kod: Zaznacz wszystko
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:06:49, on 2012-02-22 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\Taskmgr.exe C:\Windows\explorer.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE C:\Windows\System32\rundll32.exe D:\Moje Programy\Sony\PMBVolumeWatcher.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Windows\ehome\ehmsas.exe D:\Moje Programy\Mozilla Firefox\firefox.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe D:\Moje Programy\Mozilla Firefox\plugin-container.exe C:\Program Files\Pakiet Bezpieczeństwa UPC\FSGUI\fscuif.exe D:\Moje Programy\Hijack\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\crrss.exe O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Pakiet Bezpieczeństwa UPC\NRS\iescript\baselitmus.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: IEPluginBHO - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\ADAM\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (file missing) O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Pakiet Bezpieczeństwa UPC\NRS\iescript\baselitmus.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [PrzyspieszKomputer] C:\Program Files\Przyspiesz Komputer\przyspieszkomputer.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pakiet Bezpieczeństwa UPC\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PMBVolumeWatcher] D:\Moje Programy\Sony\PMBVolumeWatcher.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [crrss] C:\Windows\system32\crrss.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\Windows\TEMP\E_S555C.tmp" /EF "HKCU" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [winlogon] C:\Users\ADAM\winlogon.exe O4 - Startup: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2010.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Locate Spot on Map by GPS - D:\Moje Programy\IExif 2.3\IExifMap.htm O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - D:\Moje Programy\IExif 2.3\IExifCom.htm O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Wyślij obraz do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Wyślij stronę do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\Windows\TEMP\F-Secure\Anti-Virus\fsblsrv.exe (file missing) O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Pakiet Bezpieczeństwa UPC\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pakiet Bezpieczeństwa UPC\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSMA32.EXE O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Pakiet Bezpieczeństwa UPC\ORSP Client\fsorsp.exe O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe O23 - Service: Virtual Disk Service Manager (MSR Service) - Unknown owner - C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PMBDeviceInfoProvider - Sony Corporation - D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- End of file - 9722 bytes

Bardzo proszę o pomoc czy jest tu jakiś wirus trojan
Ponieważ mam taki problem że po ekranie powitalnym w Vista pl pojawia się czarny ekran z kursorem
Nie można niczego uruchomić jedynie menadżerem zadań mogę uruchomić aplikację np mozillę
Na tym czarnym ekranie pojawia się komunikat że winlogon.exe próbuję się otworzyć i czy zezwalam
i nie ważne czy nacisnę tak czy nie ekran pozostaje czarny
Z forum wyczytałem aby uruchomić proces explorer.exe - tak zrobiłem pojawił się ekran ale i tak jak zrestartuje system problem pozostaje bez zmian - POMOCY !!!!!!! :1:

Vista pokzauje mi też info o zablokowanych programach startowych : winlogon

Bardzo bede wdzięczny za pomoc
Pozdrawiam

**Posty:** 12734 · przez **Mikou@j** 22 Lut 2012, 15:27

Wywal tego loga, który nikomu do niczego nie jest potrzebny.
Przeczytaj wszystko-o-logach-aktualizacja-30-01-2012-vt117887.html i wstaw odpowiednie logi 2 otl i gmera, w załącznikach!

**Posty:** 3 · przez **AdBr** 23 Lut 2012, 17:06

Wklejam loga z GMER

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-23 16:02:57 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 Running: gmer.exe; Driver: C:\Users\ADAM\AppData\Local\Temp\kxldrpoc.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwCreateThread [0x92712E8C] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwLoadDriver [0x927131BC] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x92712BCC] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwOpenSection [0x927135EE] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwRenameKey [0x9271488C] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x9271343E] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSuspendProcess [0x92712A4C] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSuspendThread [0x92712EC0] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x92713042] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwTerminateProcess [0x927129A6] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwTerminateThread [0x92712B06] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x92712F86] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x92712EA6] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 411 82471A08 4 Bytes [8C, 2E, 71, 92] {MOV WORD [ESI], GS; JNO 0xffffffffffffff96} .text ntoskrnl.exe!KeInsertQueue + 56D 82471B64 4 Bytes [BC, 31, 71, 92] .text ntoskrnl.exe!KeInsertQueue + 59D 82471B94 4 Bytes [CC, 2B, 71, 92] {INT 3 ; SUB ESI, [ECX-0x6e]} .text ntoskrnl.exe!KeInsertQueue + 5ED 82471BE4 4 Bytes [EE, 35, 71, 92] .text ntoskrnl.exe!KeInsertQueue + 705 82471CFC 4 Bytes [8C, 48, 71, 92] {MOV WORD [EAX+0x71], CS; XCHG EDX, EAX} .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90006340, 0x3EE687, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 013E000C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 013E100C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 013E200C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 013E300C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 013E400C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 013E800C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 013E600C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 013E900C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 013E700C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 013E500C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 013EB00C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 013EA00C .text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000D000C .text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000D100C .text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000D200C .text C:\Windows\ehome\ehtray.exe[252] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000D300C .text C:\Windows\ehome\ehtray.exe[252] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000D400C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000D800C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000D600C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000D900C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000D700C .text C:\Windows\ehome\ehtray.exe[252] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000D500C .text C:\Windows\ehome\ehtray.exe[252] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000DB00C .text C:\Windows\ehome\ehtray.exe[252] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000DA00C .text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 007E000C .text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 007E100C .text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 007E200C .text C:\Windows\system32\wininit.exe[672] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 007E300C .text C:\Windows\system32\wininit.exe[672] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 007E400C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 007E800C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 007E600C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW 771D9EB4 3 Bytes JMP 007E900C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW + 4 771D9EB8 1 Byte [89] .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 007E700C .text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW 76F287AD 3 Bytes JMP 007E500C .text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW + 4 76F287B1 1 Byte [89] .text C:\Windows\system32\wininit.exe[672] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 007EA00C .text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001F000C .text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001F100C .text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001F200C .text C:\Windows\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 001F300C .text C:\Windows\system32\lsass.exe[732] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 001F400C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 001F800C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 001F600C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 001F900C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 001F700C .text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001F500C .text C:\Windows\system32\lsass.exe[732] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 001FB00C .text C:\Windows\system32\lsass.exe[732] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 001FA00C .text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0014000C .text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0014100C .text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0014200C .text C:\Windows\system32\lsm.exe[740] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0014300C .text C:\Windows\system32\lsm.exe[740] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0014400C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0014800C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0014600C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0014900C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0014700C .text C:\Windows\system32\lsm.exe[740] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0014500C .text C:\Windows\system32\lsm.exe[740] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0014A00C .text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003A000C .text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003A100C .text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003A200C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0036000C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0036100C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0036200C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0036300C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0036400C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0036A00C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0036500C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0036B00C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0036800C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0036600C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0036900C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0036700C .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0031000C .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0031100C .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0031200C .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003D000C .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003D100C .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003D200C .text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003D300C .text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003D400C .text C:\Windows\system32\nvvsvc.exe[932] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003D500C .text C:\Windows\system32\nvvsvc.exe[932] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003DB00C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003D800C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003D600C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003D900C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003D700C .text C:\Windows\system32\nvvsvc.exe[932] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003DA00C .text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0009000C .text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0009100C .text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0009200C .text C:\Windows\System32\rundll32.exe[956] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0009300C .text C:\Windows\System32\rundll32.exe[956] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0009400C .text C:\Windows\System32\rundll32.exe[956] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0009500C .text C:\Windows\System32\rundll32.exe[956] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0009B00C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0009800C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0009600C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0009900C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0009700C .text C:\Windows\System32\rundll32.exe[956] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0009A00C .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0083000C .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0083100C .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0083200C .text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 006E000C .text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 006E100C .text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 006E200C .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001E000C .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001E100C .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001E200C .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00F7000C .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00F7100C .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00F7200C .text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000A000C .text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000A100C .text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000A200C .text C:\Windows\system32\agrsmsvc.exe[1104] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000A300C .text C:\Windows\system32\agrsmsvc.exe[1104] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000A400C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000A800C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000A600C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000A900C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000A700C .text C:\Windows\system32\agrsmsvc.exe[1104] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000A500C .text C:\Windows\system32\agrsmsvc.exe[1104] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000AB00C .text C:\Windows\system32\agrsmsvc.exe[1104] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000AA00C .text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00F4000C .text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00F4100C .text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00F4200C .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0010000C .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0010100C .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0010200C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0009000C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0009100C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0009200C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0009300C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0009400C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0009800C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0009600C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0009900C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0009700C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0009500C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0009B00C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0009A00C .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0026000C .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0026100C .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0026200C .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00D7000C .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00D7100C .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00D7200C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0026000C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0026100C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0026200C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0026300C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0026400C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0026800C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0026600C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0026900C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0026700C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0026500C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0026B00C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0026A00C .text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 005C000C .text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 005C100C .text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 005C200C .text C:\Windows\system32\winlogon.exe[1400] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 005C300C .text C:\Windows\system32\winlogon.exe[1400] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 005C400C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 005C800C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 005C600C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 005C900C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 005C700C .text C:\Windows\system32\winlogon.exe[1400] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 005C500C .text C:\Windows\system32\winlogon.exe[1400] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 005CB00C .text C:\Windows\system32\winlogon.exe[1400] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 005CA00C .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 005D000C .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 005D100C .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 005D200C .text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 009A000C .text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 009A100C .text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 009A200C .text C:\Windows\system32\WLANExt.exe[1596] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 009A300C .text C:\Windows\system32\WLANExt.exe[1596] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 009A400C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 009A800C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 009A600C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 009A900C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 009A700C .text C:\Windows\system32\WLANExt.exe[1596] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 009A500C .text C:\Windows\system32\WLANExt.exe[1596] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 009AB00C .text C:\Windows\system32\WLANExt.exe[1596] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 009AA00C .text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0051000C .text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0051100C .text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0051200C .text C:\Windows\system32\taskeng.exe[1716] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0051300C .text C:\Windows\system32\taskeng.exe[1716] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0051400C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0051800C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0051600C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0051900C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0051700C .text C:\Windows\system32\taskeng.exe[1716] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0051500C .text C:\Windows\system32\taskeng.exe[1716] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0051B00C .text C:\Windows\system32\taskeng.exe[1716] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0051A00C .text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0067000C .text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0067100C .text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0067200C .text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000F000C .text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000F100C .text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000F200C .text C:\Windows\system32\rundll32.exe[1844] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000F300C .text C:\Windows\system32\rundll32.exe[1844] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000F400C .text C:\Windows\system32\rundll32.exe[1844] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000F500C .text C:\Windows\system32\rundll32.exe[1844] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000FB00C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000F800C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000F600C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000F900C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000F700C .text C:\Windows\system32\rundll32.exe[1844] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000FA00C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000B000C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000B100C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000B200C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000B300C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000B400C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000B800C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000B600C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000B900C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000B700C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B500C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000BB00C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000BA00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01B0000C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01B0100C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01B0200C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01B0300C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01B0400C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01B0800C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01B0600C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01B0900C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01B0700C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01B0500C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01B0B00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01B0A00C .text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01A9000C .text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01A9100C .text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01A9200C .text C:\Windows\system32\taskeng.exe[2388] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01A9300C .text C:\Windows\system32\taskeng.exe[2388] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01A9400C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01A9800C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01A9600C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01A9900C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01A9700C .text C:\Windows\system32\taskeng.exe[2388] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01A9500C .text C:\Windows\system32\taskeng.exe[2388] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01A9B00C .text C:\Windows\system32\taskeng.exe[2388] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01A9A00C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0086000C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0086100C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0086200C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!LoadLibraryExW 775D927C 3 Bytes JMP 0086300C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!LoadLibraryExW + 4 775D9280 1 Byte [89] .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0086400C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0086500C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0086B00C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0086800C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0086600C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0086900C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0086700C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] OLE32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0086A00C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0057000C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0057100C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0057200C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0057300C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0057400C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0057800C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0057600C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0057900C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0057700C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0057A00C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0057500C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0057B00C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001B000C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001B100C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001B200C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 001B300C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 001B400C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001B500C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 001BB00C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 001B800C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 001B600C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 001B900C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 001B700C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 001BA00C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003A000C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003A100C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003A200C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003A300C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003A400C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003A500C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003AB00C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003A800C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003A600C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003A900C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003A700C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003AA00C .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0052000C .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0052100C .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0052200C .text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0052300C .text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0052400C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0052800C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0052600C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0052900C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0052700C .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0052500C .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0052B00C .text C:\Windows\system32\taskeng.exe[2528] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0052A00C .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0298000C .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0298100C .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0298200C .text C:\Windows\system32\Dwm.exe[2536] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0298300C .text C:\Windows\system32\Dwm.exe[2536] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0298400C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0298800C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0298600C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0298900C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0298700C .text C:\Windows\system32\Dwm.exe[2536] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0298500C .text C:\Windows\system32\Dwm.exe[2536] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0298B00C .text C:\Windows\system32\Dwm.exe[2536] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0298A00C .text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C .text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C .text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C .text C:\Windows\ehome\ehmsas.exe[2552] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0013300C .text C:\Windows\ehome\ehmsas.exe[2552] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0013400C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0013800C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0013600C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0013900C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0013700C .text C:\Windows\ehome\ehmsas.exe[2552] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0013500C .text C:\Windows\ehome\ehmsas.exe[2552] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0013B00C .text C:\Windows\ehome\ehmsas.exe[2552] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0013A00C .text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 03C1000C .text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 03C1100C .text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 03C1200C .text C:\Windows\explorer.exe[2648] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 03C1300C .text C:\Windows\explorer.exe[2648] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 03C1400C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 03C1800C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 03C1600C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 03C1900C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 03C1700C .text C:\Windows\explorer.exe[2648] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 03C1500C .text C:\Windows\explorer.exe[2648] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 03C1B00C .text C:\Windows\explorer.exe[2648] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 03C1A00C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0024000C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0024100C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0024200C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0024300C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0024400C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CloseServiceHandle 771B82A5 3 Bytes JMP 0024800C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CloseServiceHandle + 4 771B82A9 1 Byte [89] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0024600C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0024900C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0024700C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0024500C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0024B00C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0024A00C .text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001D000C .text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001D100C .text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001D200C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 009F000C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 009F100C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 009F200C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 009F300C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 009F400C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 009F800C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 009F600C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 009F900C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 009F700C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 009F500C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 009FB00C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 009FA00C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003F000C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003F100C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003F200C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003F300C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003F400C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003F500C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003FA00C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003F800C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003F600C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003F900C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003F700C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0244000C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0244100C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0244200C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0244300C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0244400C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0244500C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0244B00C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0244800C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0244600C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0244900C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0244700C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0244A00C .text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 008B000C .text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 008B100C .text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 008B200C .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C .text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01A5000C .text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01A5100C .text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01A5200C .text C:\Windows\system32\SearchIndexer.exe[3084] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01A5300C .text C:\Windows\system32\SearchIndexer.exe[3084] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01A5400C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01A5800C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01A5600C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01A5900C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01A5700C .text C:\Windows\system32\SearchIndexer.exe[3084] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01A5500C .text C:\Windows\system32\SearchIndexer.exe[3084] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01A5B00C .text C:\Windows\system32\SearchIndexer.exe[3084] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01A5A00C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000B000C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000B100C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000B200C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000B300C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000B400C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000B800C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000B600C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000B900C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000B700C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B500C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000BB00C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000BA00C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0006000C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0006100C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0006200C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0006300C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0006400C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0006800C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0006600C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0006900C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0006700C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0006500C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0006B00C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0006A00C .text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0098000C .text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0098100C .text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0098200C .text C:\Windows\system32\WUDFHost.exe[3728] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0098300C .text C:\Windows\system32\WUDFHost.exe[3728] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0098400C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0098800C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0098600C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0098900C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0098700C .text C:\Windows\system32\WUDFHost.exe[3728] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0098A00C .text C:\Windows\system32\WUDFHost.exe[3728] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0098500C .text C:\Windows\system32\WUDFHost.exe[3728] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0098B00C .text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003F000C .text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003F100C .text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003F200C .text C:\Windows\RtHDVCpl.exe[3896] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003F300C .text C:\Windows\RtHDVCpl.exe[3896] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003F400C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003F800C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003F600C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003F900C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003F700C .text C:\Windows\RtHDVCpl.exe[3896] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003F500C .text C:\Windows\RtHDVCpl.exe[3896] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003FB00C .text C:\Windows\RtHDVCpl.exe[3896] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003FA00C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0013300C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0013400C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0013500C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0013A00C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0013800C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0013600C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0013900C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0013700C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!LdrLoadDll 77BF9378 5 Bytes JMP 69D75B60 D:\Moje Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0006000C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0006100C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0006200C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0006300C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0006400C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0006500C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0006A00C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0006800C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0006600C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0006900C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0006700C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0006B00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00FA000C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00FA100C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00FA200C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 00FA300C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 00FA400C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 00FA800C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 00FA600C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 00FA900C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 00FA700C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00FA500C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 00FAB00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 00FAA00C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0023000C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0023100C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0023200C .text C:\Users\ADAM\Downloads\gmer.exe[4980] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0023300C .text C:\Users\ADAM\Downloads\gmer.exe[4980] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0023400C .text C:\Users\ADAM\Downloads\gmer.exe[4980] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0023500C .text C:\Users\ADAM\Downloads\gmer.exe[4980] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0023A00C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0023800C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0023600C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0023900C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0023700C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0023B00C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0023000C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0023100C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0023200C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0023300C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0023400C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0023500C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0023A00C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0023800C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0023600C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0023900C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0023700C ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73FE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7403A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73FEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73FDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73FE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73FDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74018395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73FEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73FDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73FDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73FD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7406CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7400C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73FDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73FD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73FD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73FE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fe0541 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f55513 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@a87e33e10e54 0x5B 0x0B 0xEA 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@1c4bd607ddc6 0xF8 0xFE 0x7B 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@303855c6f5cf 0x8D 0xC3 0xA8 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x1A 0x21 0x77 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fe0541 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2f55513 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@a87e33e10e54 0x5B 0x0B 0xEA 0xBC ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@1c4bd607ddc6 0xF8 0xFE 0x7B 0xF8 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@303855c6f5cf 0x8D 0xC3 0xA8 0x4F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x1A 0x21 0x77 ... ---- Files - GMER 1.0.15 ---- File C:\Windows\winsxs\x86_microsoft-windows-oobe-machine_31bf3856ad364e35_6.0.6002.18005_none_0f69c3410053748d\msoobe.exe (size mismatch) 1315328/1315840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6002.18005_none_6f22f8764ca6fdc8\pbkmigr.dll (size mismatch) 124928/125440 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6002.18005_none_3417f75aaa6413e3\winsetup.dll (size mismatch) 1468928/1469952 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6002.18005_none_33850f5d456366c5\tssysprep.dll (size mismatch) 65536/66048 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.0.6002.18005_none_e3ab2befd3f379c1\wbemcore.dll (size mismatch) 742912/744448 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\esscli.dll (size mismatch) 263168/265728 bytes executable File C:\Windows\winsxs\x86_server-help-h1s.itprobasic.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_e93c4bdb6bcba4ef\itprobasic.h1s (size mismatch) 425848/416542 bytes executable File C:\Windows\winsxs\x86_server-help-h1s.uap.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_73fe3bbf2af96683\uap.h1s (size mismatch) 97509/102998 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34\fastprox.dll (size mismatch) 614400/614912 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiDcPrv.dll (size mismatch) 126976/129024 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiPrvSD.dll (size mismatch) 483840/499712 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiPrvSE.exe (size mismatch) 245248/247296 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.0.6002.18005_none_802d32ed2e0cea67\repdrvfs.dll (size mismatch) 264704/265728 bytes executable [code] ---- EOF - GMER 1.0.15 ----

[/code]

Kod: Zaznacz wszystko

Dodano Dzisiaj, 16:08:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-23 16:02:57 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0 Running: gmer.exe; Driver: C:\Users\ADAM\AppData\Local\Temp\kxldrpoc.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwCreateThread [0x92712E8C] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwLoadDriver [0x927131BC] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x92712BCC] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwOpenSection [0x927135EE] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwRenameKey [0x9271488C] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x9271343E] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSuspendProcess [0x92712A4C] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSuspendThread [0x92712EC0] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x92713042] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwTerminateProcess [0x927129A6] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwTerminateThread [0x92712B06] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x92712F86] SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x92712EA6] ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 411 82471A08 4 Bytes [8C, 2E, 71, 92] {MOV WORD [ESI], GS; JNO 0xffffffffffffff96} .text ntoskrnl.exe!KeInsertQueue + 56D 82471B64 4 Bytes [BC, 31, 71, 92] .text ntoskrnl.exe!KeInsertQueue + 59D 82471B94 4 Bytes [CC, 2B, 71, 92] {INT 3 ; SUB ESI, [ECX-0x6e]} .text ntoskrnl.exe!KeInsertQueue + 5ED 82471BE4 4 Bytes [EE, 35, 71, 92] .text ntoskrnl.exe!KeInsertQueue + 705 82471CFC 4 Bytes [8C, 48, 71, 92] {MOV WORD [EAX+0x71], CS; XCHG EDX, EAX} .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90006340, 0x3EE687, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 013E000C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 013E100C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 013E200C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 013E300C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 013E400C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 013E800C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 013E600C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 013E900C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 013E700C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 013E500C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 013EB00C .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 013EA00C .text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000D000C .text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000D100C .text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000D200C .text C:\Windows\ehome\ehtray.exe[252] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000D300C .text C:\Windows\ehome\ehtray.exe[252] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000D400C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000D800C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000D600C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000D900C .text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000D700C .text C:\Windows\ehome\ehtray.exe[252] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000D500C .text C:\Windows\ehome\ehtray.exe[252] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000DB00C .text C:\Windows\ehome\ehtray.exe[252] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000DA00C .text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 007E000C .text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 007E100C .text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 007E200C .text C:\Windows\system32\wininit.exe[672] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 007E300C .text C:\Windows\system32\wininit.exe[672] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 007E400C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 007E800C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 007E600C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW 771D9EB4 3 Bytes JMP 007E900C .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW + 4 771D9EB8 1 Byte [89] .text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 007E700C .text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW 76F287AD 3 Bytes JMP 007E500C .text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW + 4 76F287B1 1 Byte [89] .text C:\Windows\system32\wininit.exe[672] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 007EA00C .text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001F000C .text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001F100C .text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001F200C .text C:\Windows\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 001F300C .text C:\Windows\system32\lsass.exe[732] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 001F400C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 001F800C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 001F600C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 001F900C .text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 001F700C .text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001F500C .text C:\Windows\system32\lsass.exe[732] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 001FB00C .text C:\Windows\system32\lsass.exe[732] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 001FA00C .text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0014000C .text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0014100C .text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0014200C .text C:\Windows\system32\lsm.exe[740] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0014300C .text C:\Windows\system32\lsm.exe[740] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0014400C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0014800C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0014600C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0014900C .text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0014700C .text C:\Windows\system32\lsm.exe[740] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0014500C .text C:\Windows\system32\lsm.exe[740] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0014A00C .text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003A000C .text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003A100C .text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003A200C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0036000C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0036100C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0036200C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0036300C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0036400C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0036A00C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0036500C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0036B00C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0036800C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0036600C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0036900C .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0036700C .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0031000C .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0031100C .text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0031200C .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003D000C .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003D100C .text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003D200C .text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003D300C .text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003D400C .text C:\Windows\system32\nvvsvc.exe[932] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003D500C .text C:\Windows\system32\nvvsvc.exe[932] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003DB00C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003D800C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003D600C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003D900C .text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003D700C .text C:\Windows\system32\nvvsvc.exe[932] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003DA00C .text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0009000C .text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0009100C .text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0009200C .text C:\Windows\System32\rundll32.exe[956] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0009300C .text C:\Windows\System32\rundll32.exe[956] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0009400C .text C:\Windows\System32\rundll32.exe[956] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0009500C .text C:\Windows\System32\rundll32.exe[956] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0009B00C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0009800C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0009600C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0009900C .text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0009700C .text C:\Windows\System32\rundll32.exe[956] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0009A00C .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0083000C .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0083100C .text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0083200C .text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 006E000C .text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 006E100C .text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 006E200C .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001E000C .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001E100C .text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001E200C .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00F7000C .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00F7100C .text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00F7200C .text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000A000C .text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000A100C .text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000A200C .text C:\Windows\system32\agrsmsvc.exe[1104] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000A300C .text C:\Windows\system32\agrsmsvc.exe[1104] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000A400C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000A800C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000A600C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000A900C .text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000A700C .text C:\Windows\system32\agrsmsvc.exe[1104] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000A500C .text C:\Windows\system32\agrsmsvc.exe[1104] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000AB00C .text C:\Windows\system32\agrsmsvc.exe[1104] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000AA00C .text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00F4000C .text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00F4100C .text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00F4200C .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0010000C .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0010100C .text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0010200C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0009000C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0009100C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0009200C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0009300C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0009400C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0009800C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0009600C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0009900C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0009700C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0009500C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0009B00C .text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0009A00C .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0026000C .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0026100C .text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0026200C .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00D7000C .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00D7100C .text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00D7200C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0026000C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0026100C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0026200C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0026300C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0026400C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0026800C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0026600C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0026900C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0026700C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0026500C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0026B00C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0026A00C .text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 005C000C .text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 005C100C .text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 005C200C .text C:\Windows\system32\winlogon.exe[1400] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 005C300C .text C:\Windows\system32\winlogon.exe[1400] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 005C400C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 005C800C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 005C600C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 005C900C .text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 005C700C .text C:\Windows\system32\winlogon.exe[1400] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 005C500C .text C:\Windows\system32\winlogon.exe[1400] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 005CB00C .text C:\Windows\system32\winlogon.exe[1400] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 005CA00C .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 005D000C .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 005D100C .text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 005D200C .text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 009A000C .text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 009A100C .text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 009A200C .text C:\Windows\system32\WLANExt.exe[1596] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 009A300C .text C:\Windows\system32\WLANExt.exe[1596] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 009A400C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 009A800C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 009A600C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 009A900C .text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 009A700C .text C:\Windows\system32\WLANExt.exe[1596] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 009A500C .text C:\Windows\system32\WLANExt.exe[1596] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 009AB00C .text C:\Windows\system32\WLANExt.exe[1596] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 009AA00C .text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0051000C .text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0051100C .text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0051200C .text C:\Windows\system32\taskeng.exe[1716] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0051300C .text C:\Windows\system32\taskeng.exe[1716] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0051400C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0051800C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0051600C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0051900C .text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0051700C .text C:\Windows\system32\taskeng.exe[1716] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0051500C .text C:\Windows\system32\taskeng.exe[1716] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0051B00C .text C:\Windows\system32\taskeng.exe[1716] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0051A00C .text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0067000C .text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0067100C .text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0067200C .text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000F000C .text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000F100C .text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000F200C .text C:\Windows\system32\rundll32.exe[1844] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000F300C .text C:\Windows\system32\rundll32.exe[1844] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000F400C .text C:\Windows\system32\rundll32.exe[1844] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000F500C .text C:\Windows\system32\rundll32.exe[1844] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000FB00C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000F800C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000F600C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000F900C .text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000F700C .text C:\Windows\system32\rundll32.exe[1844] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000FA00C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000B000C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000B100C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000B200C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000B300C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000B400C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000B800C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000B600C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000B900C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000B700C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B500C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000BB00C .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000BA00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01B0000C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01B0100C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01B0200C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01B0300C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01B0400C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01B0800C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01B0600C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01B0900C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01B0700C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01B0500C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01B0B00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01B0A00C .text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01A9000C .text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01A9100C .text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01A9200C .text C:\Windows\system32\taskeng.exe[2388] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01A9300C .text C:\Windows\system32\taskeng.exe[2388] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01A9400C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01A9800C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01A9600C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01A9900C .text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01A9700C .text C:\Windows\system32\taskeng.exe[2388] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01A9500C .text C:\Windows\system32\taskeng.exe[2388] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01A9B00C .text C:\Windows\system32\taskeng.exe[2388] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01A9A00C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0086000C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0086100C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0086200C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!LoadLibraryExW 775D927C 3 Bytes JMP 0086300C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!LoadLibraryExW + 4 775D9280 1 Byte [89] .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0086400C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0086500C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0086B00C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0086800C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0086600C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0086900C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0086700C .text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] OLE32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0086A00C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0057000C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0057100C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0057200C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0057300C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0057400C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0057800C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0057600C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0057900C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0057700C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0057A00C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0057500C .text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0057B00C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001B000C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001B100C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001B200C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 001B300C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 001B400C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001B500C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 001BB00C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 001B800C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 001B600C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 001B900C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 001B700C .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 001BA00C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003A000C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003A100C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003A200C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003A300C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003A400C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003A500C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003AB00C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003A800C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003A600C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003A900C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003A700C .text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003AA00C .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0052000C .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0052100C .text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0052200C .text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0052300C .text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0052400C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0052800C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0052600C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0052900C .text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0052700C .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0052500C .text C:\Windows\system32\taskeng.exe[2528] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0052B00C .text C:\Windows\system32\taskeng.exe[2528] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0052A00C .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0298000C .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0298100C .text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0298200C .text C:\Windows\system32\Dwm.exe[2536] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0298300C .text C:\Windows\system32\Dwm.exe[2536] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0298400C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0298800C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0298600C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0298900C .text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0298700C .text C:\Windows\system32\Dwm.exe[2536] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0298500C .text C:\Windows\system32\Dwm.exe[2536] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0298B00C .text C:\Windows\system32\Dwm.exe[2536] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0298A00C .text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C .text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C .text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C .text C:\Windows\ehome\ehmsas.exe[2552] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0013300C .text C:\Windows\ehome\ehmsas.exe[2552] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0013400C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0013800C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0013600C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0013900C .text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0013700C .text C:\Windows\ehome\ehmsas.exe[2552] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0013500C .text C:\Windows\ehome\ehmsas.exe[2552] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0013B00C .text C:\Windows\ehome\ehmsas.exe[2552] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0013A00C .text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 03C1000C .text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 03C1100C .text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 03C1200C .text C:\Windows\explorer.exe[2648] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 03C1300C .text C:\Windows\explorer.exe[2648] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 03C1400C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 03C1800C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 03C1600C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 03C1900C .text C:\Windows\explorer.exe[2648] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 03C1700C .text C:\Windows\explorer.exe[2648] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 03C1500C .text C:\Windows\explorer.exe[2648] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 03C1B00C .text C:\Windows\explorer.exe[2648] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 03C1A00C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0024000C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0024100C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0024200C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0024300C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0024400C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CloseServiceHandle 771B82A5 3 Bytes JMP 0024800C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CloseServiceHandle + 4 771B82A9 1 Byte [89] .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0024600C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0024900C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0024700C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0024500C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0024B00C .text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0024A00C .text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001D000C .text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001D100C .text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001D200C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 009F000C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 009F100C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 009F200C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 009F300C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 009F400C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 009F800C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 009F600C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 009F900C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 009F700C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 009F500C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 009FB00C .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 009FA00C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003F000C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003F100C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003F200C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003F300C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003F400C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003F500C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003FA00C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003F800C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003F600C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003F900C .text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003F700C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0244000C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0244100C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0244200C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0244300C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0244400C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0244500C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0244B00C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0244800C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0244600C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0244900C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0244700C .text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0244A00C .text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 008B000C .text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 008B100C .text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 008B200C .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C .text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C .text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01A5000C .text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01A5100C .text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01A5200C .text C:\Windows\system32\SearchIndexer.exe[3084] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01A5300C .text C:\Windows\system32\SearchIndexer.exe[3084] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01A5400C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01A5800C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01A5600C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01A5900C .text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01A5700C .text C:\Windows\system32\SearchIndexer.exe[3084] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01A5500C .text C:\Windows\system32\SearchIndexer.exe[3084] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01A5B00C .text C:\Windows\system32\SearchIndexer.exe[3084] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01A5A00C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000B000C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000B100C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000B200C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000B300C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000B400C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000B800C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000B600C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000B900C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000B700C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B500C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000BB00C .text C:\Program Files\Windows Defender\MSASCui.exe[3564] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000BA00C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0006000C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0006100C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0006200C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0006300C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0006400C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0006800C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0006600C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0006900C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0006700C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0006500C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0006B00C .text C:\Windows\system32\wbem\wmiprvse.exe[3660] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0006A00C .text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0098000C .text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0098100C .text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0098200C .text C:\Windows\system32\WUDFHost.exe[3728] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0098300C .text C:\Windows\system32\WUDFHost.exe[3728] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0098400C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0098800C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0098600C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0098900C .text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0098700C .text C:\Windows\system32\WUDFHost.exe[3728] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0098A00C .text C:\Windows\system32\WUDFHost.exe[3728] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0098500C .text C:\Windows\system32\WUDFHost.exe[3728] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0098B00C .text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003F000C .text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003F100C .text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003F200C .text C:\Windows\RtHDVCpl.exe[3896] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003F300C .text C:\Windows\RtHDVCpl.exe[3896] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003F400C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003F800C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003F600C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003F900C .text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003F700C .text C:\Windows\RtHDVCpl.exe[3896] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003F500C .text C:\Windows\RtHDVCpl.exe[3896] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003FB00C .text C:\Windows\RtHDVCpl.exe[3896] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003FA00C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0013300C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0013400C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0013500C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0013A00C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0013800C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0013600C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0013900C .text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0013700C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!LdrLoadDll 77BF9378 5 Bytes JMP 69D75B60 D:\Moje Programy\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0006000C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0006100C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0006200C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0006300C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0006400C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0006500C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0006A00C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0006800C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0006600C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0006900C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0006700C .text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0006B00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00FA000C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00FA100C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00FA200C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 00FA300C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 00FA400C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 00FA800C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 00FA600C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 00FA900C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 00FA700C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00FA500C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 00FAB00C .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 00FAA00C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0023000C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0023100C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0023200C .text C:\Users\ADAM\Downloads\gmer.exe[4980] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0023300C .text C:\Users\ADAM\Downloads\gmer.exe[4980] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0023400C .text C:\Users\ADAM\Downloads\gmer.exe[4980] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0023500C .text C:\Users\ADAM\Downloads\gmer.exe[4980] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0023A00C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0023800C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0023600C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0023900C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0023700C .text C:\Users\ADAM\Downloads\gmer.exe[4980] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0023B00C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0023000C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0023100C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0023200C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0023300C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0023400C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0023500C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0023A00C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0023800C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0023600C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0023900C .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0023700C ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73FE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7403A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73FEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73FDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73FE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73FDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74018395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73FEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73FDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73FDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73FD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7406CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7400C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73FDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73FD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73FD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73FE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fe0541 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f55513 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@a87e33e10e54 0x5B 0x0B 0xEA 0xBC ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@1c4bd607ddc6 0xF8 0xFE 0x7B 0xF8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@303855c6f5cf 0x8D 0xC3 0xA8 0x4F ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x1A 0x21 0x77 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fe0541 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2f55513 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@a87e33e10e54 0x5B 0x0B 0xEA 0xBC ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@1c4bd607ddc6 0xF8 0xFE 0x7B 0xF8 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@303855c6f5cf 0x8D 0xC3 0xA8 0x4F ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x1A 0x21 0x77 ... ---- Files - GMER 1.0.15 ---- File C:\Windows\winsxs\x86_microsoft-windows-oobe-machine_31bf3856ad364e35_6.0.6002.18005_none_0f69c3410053748d\msoobe.exe (size mismatch) 1315328/1315840 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6002.18005_none_6f22f8764ca6fdc8\pbkmigr.dll (size mismatch) 124928/125440 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6002.18005_none_3417f75aaa6413e3\winsetup.dll (size mismatch) 1468928/1469952 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6002.18005_none_33850f5d456366c5\tssysprep.dll (size mismatch) 65536/66048 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.0.6002.18005_none_e3ab2befd3f379c1\wbemcore.dll (size mismatch) 742912/744448 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\esscli.dll (size mismatch) 263168/265728 bytes executable File C:\Windows\winsxs\x86_server-help-h1s.itprobasic.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_e93c4bdb6bcba4ef\itprobasic.h1s (size mismatch) 425848/416542 bytes executable File C:\Windows\winsxs\x86_server-help-h1s.uap.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_73fe3bbf2af96683\uap.h1s (size mismatch) 97509/102998 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34\fastprox.dll (size mismatch) 614400/614912 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiDcPrv.dll (size mismatch) 126976/129024 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiPrvSD.dll (size mismatch) 483840/499712 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiPrvSE.exe (size mismatch) 245248/247296 bytes executable File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.0.6002.18005_none_802d32ed2e0cea67\repdrvfs.dll (size mismatch) 264704/265728 bytes executable ---- EOF - GMER 1.0.15 ----

Dodano Dzisiaj, 16:08:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-23 16:02:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD32 rev.11.0
Running: gmer.exe; Driver: C:\Users\ADAM\AppData\Local\Temp\kxldrpoc.sys

---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwCreateThread [0x92712E8C]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwLoadDriver [0x927131BC]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwMapViewOfSection [0x92712BCC]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwOpenSection [0x927135EE]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwRenameKey [0x9271488C]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSetSystemInformation [0x9271343E]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSuspendProcess [0x92712A4C]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSuspendThread [0x92712EC0]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwSystemDebugControl [0x92713042]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwTerminateProcess [0x927129A6]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwTerminateThread [0x92712B06]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwWriteVirtualMemory [0x92712F86]
SSDT \??\C:\Program Files\Pakiet Bezpieczeństwa UPC\HIPS\drivers\fshs.sys ZwCreateThreadEx [0x92712EA6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 411 82471A08 4 Bytes [8C, 2E, 71, 92] {MOV WORD [ESI], GS; JNO 0xffffffffffffff96}
.text ntoskrnl.exe!KeInsertQueue + 56D 82471B64 4 Bytes [BC, 31, 71, 92]
.text ntoskrnl.exe!KeInsertQueue + 59D 82471B94 4 Bytes [CC, 2B, 71, 92] {INT 3 ; SUB ESI, [ECX-0x6e]}
.text ntoskrnl.exe!KeInsertQueue + 5ED 82471BE4 4 Bytes [EE, 35, 71, 92]
.text ntoskrnl.exe!KeInsertQueue + 705 82471CFC 4 Bytes [8C, 48, 71, 92] {MOV WORD [EAX+0x71], CS; XCHG EDX, EAX}
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x90006340, 0x3EE687, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 013E000C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 013E100C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 013E200C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 013E300C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 013E400C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 013E800C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 013E600C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 013E900C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 013E700C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 013E500C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 013EB00C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[232] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 013EA00C
.text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000D000C
.text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000D100C
.text C:\Windows\ehome\ehtray.exe[252] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000D200C
.text C:\Windows\ehome\ehtray.exe[252] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000D300C
.text C:\Windows\ehome\ehtray.exe[252] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000D400C
.text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000D800C
.text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000D600C
.text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000D900C
.text C:\Windows\ehome\ehtray.exe[252] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000D700C
.text C:\Windows\ehome\ehtray.exe[252] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000D500C
.text C:\Windows\ehome\ehtray.exe[252] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000DB00C
.text C:\Windows\ehome\ehtray.exe[252] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000DA00C
.text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 007E000C
.text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 007E100C
.text C:\Windows\system32\wininit.exe[672] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 007E200C
.text C:\Windows\system32\wininit.exe[672] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 007E300C
.text C:\Windows\system32\wininit.exe[672] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 007E400C
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 007E800C
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 007E600C
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW 771D9EB4 3 Bytes JMP 007E900C
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!CreateServiceW + 4 771D9EB8 1 Byte [89]
.text C:\Windows\system32\wininit.exe[672] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 007E700C
.text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW 76F287AD 3 Bytes JMP 007E500C
.text C:\Windows\system32\wininit.exe[672] USER32.dll!SetWindowsHookExW + 4 76F287B1 1 Byte [89]
.text C:\Windows\system32\wininit.exe[672] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 007EA00C
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001F000C
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001F100C
.text C:\Windows\system32\lsass.exe[732] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001F200C
.text C:\Windows\system32\lsass.exe[732] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 001F300C
.text C:\Windows\system32\lsass.exe[732] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 001F400C
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 001F800C
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 001F600C
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 001F900C
.text C:\Windows\system32\lsass.exe[732] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 001F700C
.text C:\Windows\system32\lsass.exe[732] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001F500C
.text C:\Windows\system32\lsass.exe[732] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 001FB00C
.text C:\Windows\system32\lsass.exe[732] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 001FA00C
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0014000C
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0014100C
.text C:\Windows\system32\lsm.exe[740] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0014200C
.text C:\Windows\system32\lsm.exe[740] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0014300C
.text C:\Windows\system32\lsm.exe[740] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0014400C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0014800C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0014600C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0014900C
.text C:\Windows\system32\lsm.exe[740] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0014700C
.text C:\Windows\system32\lsm.exe[740] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0014500C
.text C:\Windows\system32\lsm.exe[740] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0014A00C
.text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003A000C
.text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003A100C
.text C:\Program Files\Pakiet Bezpieczeństwa UPC\Common\FSM32.EXE[856] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003A200C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0036000C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0036100C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0036200C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0036300C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0036400C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0036A00C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0036500C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0036B00C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0036800C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0036600C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0036900C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[860] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0036700C
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0031000C
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0031100C
.text C:\Windows\system32\svchost.exe[888] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0031200C
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003D000C
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003D100C
.text C:\Windows\system32\nvvsvc.exe[932] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003D200C
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003D300C
.text C:\Windows\system32\nvvsvc.exe[932] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003D400C
.text C:\Windows\system32\nvvsvc.exe[932] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003D500C
.text C:\Windows\system32\nvvsvc.exe[932] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003DB00C
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003D800C
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003D600C
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003D900C
.text C:\Windows\system32\nvvsvc.exe[932] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003D700C
.text C:\Windows\system32\nvvsvc.exe[932] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003DA00C
.text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0009000C
.text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0009100C
.text C:\Windows\System32\rundll32.exe[956] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0009200C
.text C:\Windows\System32\rundll32.exe[956] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0009300C
.text C:\Windows\System32\rundll32.exe[956] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0009400C
.text C:\Windows\System32\rundll32.exe[956] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0009500C
.text C:\Windows\System32\rundll32.exe[956] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0009B00C
.text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0009800C
.text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0009600C
.text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0009900C
.text C:\Windows\System32\rundll32.exe[956] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0009700C
.text C:\Windows\System32\rundll32.exe[956] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0009A00C
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0083000C
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0083100C
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0083200C
.text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 006E000C
.text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 006E100C
.text C:\Windows\System32\svchost.exe[996] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 006E200C
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001E000C
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001E100C
.text C:\Windows\System32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001E200C
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00F7000C
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00F7100C
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00F7200C
.text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000A000C
.text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000A100C
.text C:\Windows\system32\agrsmsvc.exe[1104] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000A200C
.text C:\Windows\system32\agrsmsvc.exe[1104] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000A300C
.text C:\Windows\system32\agrsmsvc.exe[1104] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000A400C
.text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000A800C
.text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000A600C
.text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000A900C
.text C:\Windows\system32\agrsmsvc.exe[1104] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000A700C
.text C:\Windows\system32\agrsmsvc.exe[1104] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000A500C
.text C:\Windows\system32\agrsmsvc.exe[1104] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000AB00C
.text C:\Windows\system32\agrsmsvc.exe[1104] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000AA00C
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00F4000C
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00F4100C
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00F4200C
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0010000C
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0010100C
.text C:\Windows\system32\svchost.exe[1204] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0010200C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0009000C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0009100C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0009200C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0009300C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0009400C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0009800C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0009600C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0009900C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0009700C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0009500C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0009B00C
.text D:\Moje Programy\Sony\PMBVolumeWatcher.exe[1224] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0009A00C
.text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0026000C
.text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0026100C
.text C:\Windows\system32\svchost.exe[1236] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0026200C
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00D7000C
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00D7100C
.text C:\Windows\system32\svchost.exe[1244] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00D7200C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0026000C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0026100C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0026200C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0026300C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0026400C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0026800C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0026600C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0026900C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0026700C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0026500C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0026B00C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1380] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0026A00C
.text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 005C000C
.text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 005C100C
.text C:\Windows\system32\winlogon.exe[1400] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 005C200C
.text C:\Windows\system32\winlogon.exe[1400] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 005C300C
.text C:\Windows\system32\winlogon.exe[1400] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 005C400C
.text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 005C800C
.text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 005C600C
.text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 005C900C
.text C:\Windows\system32\winlogon.exe[1400] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 005C700C
.text C:\Windows\system32\winlogon.exe[1400] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 005C500C
.text C:\Windows\system32\winlogon.exe[1400] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 005CB00C
.text C:\Windows\system32\winlogon.exe[1400] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 005CA00C
.text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 005D000C
.text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 005D100C
.text C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 005D200C
.text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 009A000C
.text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 009A100C
.text C:\Windows\system32\WLANExt.exe[1596] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 009A200C
.text C:\Windows\system32\WLANExt.exe[1596] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 009A300C
.text C:\Windows\system32\WLANExt.exe[1596] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 009A400C
.text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 009A800C
.text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 009A600C
.text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 009A900C
.text C:\Windows\system32\WLANExt.exe[1596] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 009A700C
.text C:\Windows\system32\WLANExt.exe[1596] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 009A500C
.text C:\Windows\system32\WLANExt.exe[1596] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 009AB00C
.text C:\Windows\system32\WLANExt.exe[1596] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 009AA00C
.text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0051000C
.text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0051100C
.text C:\Windows\system32\taskeng.exe[1716] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0051200C
.text C:\Windows\system32\taskeng.exe[1716] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0051300C
.text C:\Windows\system32\taskeng.exe[1716] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0051400C
.text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0051800C
.text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0051600C
.text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0051900C
.text C:\Windows\system32\taskeng.exe[1716] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0051700C
.text C:\Windows\system32\taskeng.exe[1716] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0051500C
.text C:\Windows\system32\taskeng.exe[1716] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0051B00C
.text C:\Windows\system32\taskeng.exe[1716] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0051A00C
.text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0067000C
.text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0067100C
.text C:\Windows\system32\svchost.exe[1800] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0067200C
.text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000F000C
.text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000F100C
.text C:\Windows\system32\rundll32.exe[1844] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000F200C
.text C:\Windows\system32\rundll32.exe[1844] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000F300C
.text C:\Windows\system32\rundll32.exe[1844] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000F400C
.text C:\Windows\system32\rundll32.exe[1844] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000F500C
.text C:\Windows\system32\rundll32.exe[1844] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000FB00C
.text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000F800C
.text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000F600C
.text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000F900C
.text C:\Windows\system32\rundll32.exe[1844] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000F700C
.text C:\Windows\system32\rundll32.exe[1844] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000FA00C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000B000C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000B100C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000B200C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000B300C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000B400C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000B800C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000B600C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000B900C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000B700C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B500C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000BB00C
.text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1980] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000BA00C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01B0000C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01B0100C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01B0200C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01B0300C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01B0400C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01B0800C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01B0600C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01B0900C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01B0700C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01B0500C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01B0B00C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2252] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01B0A00C
.text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01A9000C
.text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01A9100C
.text C:\Windows\system32\taskeng.exe[2388] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01A9200C
.text C:\Windows\system32\taskeng.exe[2388] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01A9300C
.text C:\Windows\system32\taskeng.exe[2388] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01A9400C
.text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01A9800C
.text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01A9600C
.text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01A9900C
.text C:\Windows\system32\taskeng.exe[2388] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01A9700C
.text C:\Windows\system32\taskeng.exe[2388] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01A9500C
.text C:\Windows\system32\taskeng.exe[2388] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01A9B00C
.text C:\Windows\system32\taskeng.exe[2388] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01A9A00C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0086000C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0086100C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0086200C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!LoadLibraryExW 775D927C 3 Bytes JMP 0086300C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!LoadLibraryExW + 4 775D9280 1 Byte [89]
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0086400C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0086500C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0086B00C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0086800C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0086600C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0086900C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0086700C
.text C:\Program Files\Clarus\Samsung SecretZone\MSSvc.exe[2396] OLE32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0086A00C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0057000C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0057100C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0057200C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0057300C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0057400C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0057800C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0057600C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0057900C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0057700C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0057A00C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0057500C
.text C:\Program Files\Google\Update\GoogleUpdate.exe[2472] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0057B00C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001B000C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001B100C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001B200C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 001B300C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 001B400C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 001B500C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 001BB00C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 001B800C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 001B600C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 001B900C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 001B700C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2484] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 001BA00C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003A000C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003A100C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003A200C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003A300C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003A400C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003A500C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003AB00C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003A800C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003A600C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003A900C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003A700C
.text D:\Moje Programy\Sony\PMBDeviceInfoProvider.exe[2508] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003AA00C
.text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0052000C
.text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0052100C
.text C:\Windows\system32\taskeng.exe[2528] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0052200C
.text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0052300C
.text C:\Windows\system32\taskeng.exe[2528] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0052400C
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0052800C
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0052600C
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0052900C
.text C:\Windows\system32\taskeng.exe[2528] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0052700C
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0052500C
.text C:\Windows\system32\taskeng.exe[2528] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0052B00C
.text C:\Windows\system32\taskeng.exe[2528] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0052A00C
.text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0298000C
.text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0298100C
.text C:\Windows\system32\Dwm.exe[2536] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0298200C
.text C:\Windows\system32\Dwm.exe[2536] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0298300C
.text C:\Windows\system32\Dwm.exe[2536] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0298400C
.text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0298800C
.text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0298600C
.text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0298900C
.text C:\Windows\system32\Dwm.exe[2536] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0298700C
.text C:\Windows\system32\Dwm.exe[2536] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0298500C
.text C:\Windows\system32\Dwm.exe[2536] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0298B00C
.text C:\Windows\system32\Dwm.exe[2536] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0298A00C
.text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C
.text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C
.text C:\Windows\ehome\ehmsas.exe[2552] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C
.text C:\Windows\ehome\ehmsas.exe[2552] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0013300C
.text C:\Windows\ehome\ehmsas.exe[2552] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0013400C
.text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0013800C
.text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0013600C
.text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0013900C
.text C:\Windows\ehome\ehmsas.exe[2552] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0013700C
.text C:\Windows\ehome\ehmsas.exe[2552] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0013500C
.text C:\Windows\ehome\ehmsas.exe[2552] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0013B00C
.text C:\Windows\ehome\ehmsas.exe[2552] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0013A00C
.text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 03C1000C
.text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 03C1100C
.text C:\Windows\explorer.exe[2648] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 03C1200C
.text C:\Windows\explorer.exe[2648] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 03C1300C
.text C:\Windows\explorer.exe[2648] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 03C1400C
.text C:\Windows\explorer.exe[2648] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 03C1800C
.text C:\Windows\explorer.exe[2648] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 03C1600C
.text C:\Windows\explorer.exe[2648] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 03C1900C
.text C:\Windows\explorer.exe[2648] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 03C1700C
.text C:\Windows\explorer.exe[2648] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 03C1500C
.text C:\Windows\explorer.exe[2648] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 03C1B00C
.text C:\Windows\explorer.exe[2648] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 03C1A00C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0024000C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0024100C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0024200C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0024300C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0024400C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CloseServiceHandle 771B82A5 3 Bytes JMP 0024800C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CloseServiceHandle + 4 771B82A9 1 Byte [89]
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0024600C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0024900C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0024700C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0024500C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0024B00C
.text C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe[2712] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0024A00C
.text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 001D000C
.text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 001D100C
.text C:\Windows\system32\svchost.exe[2792] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 001D200C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 009F000C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 009F100C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 009F200C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 009F300C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 009F400C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 009F800C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 009F600C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 009F900C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 009F700C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 009F500C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 009FB00C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2804] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 009FA00C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003F000C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003F100C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003F200C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003F300C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003F400C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003F500C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003FA00C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003F800C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003F600C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003F900C
.text C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe[2872] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003F700C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0244000C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0244100C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0244200C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0244300C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0244400C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0244500C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0244B00C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0244800C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0244600C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0244900C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0244700C
.text C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe[2884] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0244A00C
.text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 008B000C
.text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 008B100C
.text C:\Windows\system32\svchost.exe[2996] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 008B200C
.text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C
.text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C
.text C:\Windows\System32\svchost.exe[3060] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C
.text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 01A5000C
.text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 01A5100C
.text C:\Windows\system32\SearchIndexer.exe[3084] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 01A5200C
.text C:\Windows\system32\SearchIndexer.exe[3084] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 01A5300C
.text C:\Windows\system32\SearchIndexer.exe[3084] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 01A5400C
.text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 01A5800C
.text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 01A5600C
.text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 01A5900C
.text C:\Windows\system32\SearchIndexer.exe[3084] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 01A5700C
.text C:\Windows\system32\SearchIndexer.exe[3084] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 01A5500C
.text C:\Windows\system32\SearchIndexer.exe[3084] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 01A5B00C
.text C:\Windows\system32\SearchIndexer.exe[3084] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 01A5A00C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 000B000C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 000B100C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 000B200C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 000B300C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 000B400C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 000B800C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 000B600C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 000B900C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 000B700C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 000B500C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 000BB00C
.text C:\Program Files\Windows Defender\MSASCui.exe[3564] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 000BA00C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0006000C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0006100C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0006200C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0006300C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0006400C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0006800C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0006600C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0006900C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0006700C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0006500C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0006B00C
.text C:\Windows\system32\wbem\wmiprvse.exe[3660] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0006A00C
.text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0098000C
.text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0098100C
.text C:\Windows\system32\WUDFHost.exe[3728] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0098200C
.text C:\Windows\system32\WUDFHost.exe[3728] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0098300C
.text C:\Windows\system32\WUDFHost.exe[3728] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0098400C
.text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0098800C
.text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0098600C
.text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0098900C
.text C:\Windows\system32\WUDFHost.exe[3728] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0098700C
.text C:\Windows\system32\WUDFHost.exe[3728] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0098A00C
.text C:\Windows\system32\WUDFHost.exe[3728] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0098500C
.text C:\Windows\system32\WUDFHost.exe[3728] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0098B00C
.text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 003F000C
.text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 003F100C
.text C:\Windows\RtHDVCpl.exe[3896] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 003F200C
.text C:\Windows\RtHDVCpl.exe[3896] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 003F300C
.text C:\Windows\RtHDVCpl.exe[3896] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 003F400C
.text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 003F800C
.text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 003F600C
.text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 003F900C
.text C:\Windows\RtHDVCpl.exe[3896] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 003F700C
.text C:\Windows\RtHDVCpl.exe[3896] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 003F500C
.text C:\Windows\RtHDVCpl.exe[3896] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 003FB00C
.text C:\Windows\RtHDVCpl.exe[3896] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 003FA00C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0013000C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0013100C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0013200C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0013300C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0013400C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0013500C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0013A00C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0013800C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0013600C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0013900C
.text C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE[3936] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0013700C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!LdrLoadDll 77BF9378 5 Bytes JMP 69D75B60 D:\Moje Programy\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0006000C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0006100C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0006200C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0006300C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0006400C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0006500C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0006A00C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0006800C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0006600C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0006900C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0006700C
.text D:\Moje Programy\Mozilla Firefox\firefox.exe[4284] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0006B00C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 00FA000C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 00FA100C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 00FA200C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 00FA300C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 00FA400C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 00FA800C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 00FA600C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 00FA900C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 00FA700C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 00FA500C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 00FAB00C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4948] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 00FAA00C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0023000C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0023100C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0023200C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0023300C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0023400C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0023500C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0023A00C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0023800C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0023600C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0023900C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0023700C
.text C:\Users\ADAM\Downloads\gmer.exe[4980] ole32.dll!CoCreateInstanceEx 77339F81 5 Bytes JMP 0023B00C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateProcess 77C34304 5 Bytes JMP 0023000C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateProcessEx 77C34314 5 Bytes JMP 0023100C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ntdll.dll!NtCreateUserProcess 77C35674 5 Bytes JMP 0023200C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] kernel32.dll!LoadLibraryExW 775D927C 5 Bytes JMP 0023300C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] kernel32.dll!TerminateThread 775F4413 5 Bytes JMP 0023400C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] USER32.dll!SetWindowsHookExW 76F287AD 5 Bytes JMP 0023500C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] USER32.dll!DdeConnect 76F69A1F 5 Bytes JMP 0023A00C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!CloseServiceHandle 771B82A5 5 Bytes JMP 0023800C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!OpenServiceW 771B8354 5 Bytes JMP 0023600C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!CreateServiceW 771D9EB4 5 Bytes JMP 0023900C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5868] ADVAPI32.dll!ControlService 771D9FB8 5 Bytes JMP 0023700C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73FE7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [7403A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73FEBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73FDF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73FE75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73FDE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74018395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73FEDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73FDFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73FDFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73FD71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7406CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7400C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73FDD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73FD6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73FD687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2648] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73FE2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe1fe0541
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2f55513
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@a87e33e10e54 0x5B 0x0B 0xEA 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@1c4bd607ddc6 0xF8 0xFE 0x7B 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002269e45dfc@303855c6f5cf 0x8D 0xC3 0xA8 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x1A 0x21 0x77 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe1fe0541 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001fe2f55513 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@a87e33e10e54 0x5B 0x0B 0xEA 0xBC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@1c4bd607ddc6 0xF8 0xFE 0x7B 0xF8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002269e45dfc@303855c6f5cf 0x8D 0xC3 0xA8 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x43 0x1A 0x21 0x77 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\winsxs\x86_microsoft-windows-oobe-machine_31bf3856ad364e35_6.0.6002.18005_none_0f69c3410053748d\msoobe.exe (size mismatch) 1315328/1315840 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-rasapi_31bf3856ad364e35_6.0.6002.18005_none_6f22f8764ca6fdc8\pbkmigr.dll (size mismatch) 124928/125440 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-setup-component_31bf3856ad364e35_6.0.6002.18005_none_3417f75aaa6413e3\winsetup.dll (size mismatch) 1468928/1469952 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-t..nalservices-sysprep_31bf3856ad364e35_6.0.6002.18005_none_33850f5d456366c5\tssysprep.dll (size mismatch) 65536/66048 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-wbemcore-dll_31bf3856ad364e35_6.0.6002.18005_none_e3ab2befd3f379c1\wbemcore.dll (size mismatch) 742912/744448 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core_31bf3856ad364e35_6.0.6002.18005_none_bb3f7c211cba6b3f\esscli.dll (size mismatch) 263168/265728 bytes executable
File C:\Windows\winsxs\x86_server-help-h1s.itprobasic.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_e93c4bdb6bcba4ef\itprobasic.h1s (size mismatch) 425848/416542 bytes executable
File C:\Windows\winsxs\x86_server-help-h1s.uap.resources_31bf3856ad364e35_6.0.6001.18000_pl-pl_73fe3bbf2af96683\uap.h1s (size mismatch) 97509/102998 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-fastprox-dll_31bf3856ad364e35_6.0.6002.18005_none_fd34cc6676de6f34\fastprox.dll (size mismatch) 614400/614912 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiDcPrv.dll (size mismatch) 126976/129024 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiPrvSD.dll (size mismatch) 483840/499712 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.0.6002.18005_none_124e37978886d513\WmiPrvSE.exe (size mismatch) 245248/247296 bytes executable
File C:\Windows\winsxs\x86_microsoft-windows-wmi-core-repdrvfs-dll_31bf3856ad364e35_6.0.6002.18005_none_802d32ed2e0cea67\repdrvfs.dll (size mismatch) 264704/265728 bytes executable

---- EOF - GMER 1.0.15 ----
[code][quote][/quote][/code]

Dodano Dzisiaj, 16:12:
log z GMERA w załączniku

**Posty:** 18165 · przez **wojtas** 23 Lut 2012, 19:10

a dwa logi z OTL ??

**Posty:** 3 · przez **AdBr** 23 Lut 2012, 20:00

tak tak zaraz je dołącze też

Dodano Dzisiaj, 19:19:
oto i one

Ale ściągnąłem program Trojan Remover który znalazł i z tego co podał skasował kilka trojanów
Niby system się teraz normalnie uruchamia
ale zauważyłem że na dysku niesystemowym (w moim przypadku D) wśród moich dokumentów czy muzyki pojawiły się jakieś pliki o nazwie "desktop.ini - których wcześniej nie było na 100%
Czy te pliki to jakas oznaka ze dalej coś buszuje mi po kompie ?????
Pomóżcie

Dodano Dzisiaj, 19:20:

**Posty:** 18165 · przez **wojtas** 24 Lut 2012, 20:59

odinstaluj DAEMON Tools Toolbar

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
DRV - File not found [Kernel | Unknown | Running] -- -- (mvd20)
DRV - File not found [Kernel | Unknown | Running] -- -- (mdf15)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
[2010-06-27 12:05:38 | 000,002,426 | ---- | M] () -- C:\Users\ADAM\AppData\Roaming\Mozilla\Firefox\Profiles\6fdxinn8.default\searchplugins\askcom.xml
[2010-08-05 12:58:15 | 000,002,059 | ---- | M] () -- C:\Users\ADAM\AppData\Roaming\Mozilla\Firefox\Profiles\6fdxinn8.default\searchplugins\daemon-search.xml
O4 - HKLM..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr File not found
O4 - HKLM..\Run: [PrzyspieszKomputer] C:\Program Files\Przyspiesz Komputer\przyspieszkomputer.exe File not found
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Commands
[emptytemp]
[emptyflash]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, usuń co znajdzie )

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).