GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-07-17 08:26:06 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-15 ST3160815AS rev.3.AAD Running: jcx4ylyu.exe; Driver: C:\DOCUME~1\jaraczk\USTAWI~1\Temp\agndykow.sys ---- System - GMER 1.0.15 ---- SSDT 8944DC90 ZwAssignProcessToJobObject SSDT 8944E200 ZwDebugActiveProcess SSDT 8944E2F0 ZwDuplicateObject SSDT 8944D590 ZwOpenProcess SSDT 8944D800 ZwOpenThread SSDT 8944DFD0 ZwProtectVirtualMemory SSDT 8944E0E0 ZwQueueApcThread SSDT 8944DEC0 ZwSetContextThread SSDT 8944DD90 ZwSetInformationThread SSDT 8944ADA0 ZwSetSecurityObject SSDT 8944DB90 ZwSuspendProcess SSDT 8944DA80 ZwSuspendThread SSDT 8944D6E0 ZwTerminateProcess SSDT 8944DA50 ZwTerminateThread SSDT 8944E6D0 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF6BD5000, 0x288B98, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C76390 .text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C76640 .text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C753D0 .text C:\WINDOWS\system32\svchost.exe[168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C75300 .text C:\WINDOWS\system32\svchost.exe[168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C711C0 .text C:\WINDOWS\system32\svchost.exe[168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C71290 .text C:\WINDOWS\system32\svchost.exe[168] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C72570 .text C:\WINDOWS\system32\svchost.exe[168] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C71000 .text C:\WINDOWS\system32\svchost.exe[168] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C710A0 .text C:\WINDOWS\system32\svchost.exe[168] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C72510 .text C:\WINDOWS\system32\svchost.exe[168] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C72160 .text C:\WINDOWS\system32\svchost.exe[168] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C720A0 .text C:\WINDOWS\system32\svchost.exe[168] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C723A0 .text C:\WINDOWS\system32\svchost.exe[168] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C71D10 .text C:\WINDOWS\system32\svchost.exe[168] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C77250 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00936390 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00936640 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009353D0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00935300 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009311C0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00931290 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00932570 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00931000 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009310A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00932510 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00931D10 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] WS2_32.dll!send 71A54C27 5 Bytes JMP 00937250 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00932160 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009320A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[212] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009323A0 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00896390 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00896640 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008953D0 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00895300 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008911C0 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00891290 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00892570 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00891000 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008910A0 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00892510 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00891D10 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] WS2_32.dll!send 71A54C27 5 Bytes JMP 00897250 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00892160 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 008920A0 .text C:\Program Files\Intel\AMT\atchksrv.exe[240] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 008923A0 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01966390 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01966640 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 019653D0 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01965300 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 019611C0 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01961290 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01962570 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01961000 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 019610A0 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01962510 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01961D10 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] WS2_32.dll!send 71A54C27 5 Bytes JMP 01967250 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01962160 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 019620A0 .text C:\Program Files\Wave Systems Corp\Common\DataServer.exe[264] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 019623A0 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01026390 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01026640 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 010253D0 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01025300 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010211C0 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01021290 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01022570 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01021000 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 010210A0 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01022510 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01021D10 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] WS2_32.dll!send 71A54C27 5 Bytes JMP 01027250 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01022160 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 010220A0 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[292] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 010223A0 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012B1618 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B910C1A .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B910C8B .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 012B1695 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B910DB9 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012B179E .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 36, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009F6390 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009F6640 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009F53D0 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009F5300 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F11C0 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009F1290 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009F2570 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009F1000 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009F10A0 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009F2510 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009F1D10 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] WS2_32.dll!send 71A54C27 5 Bytes JMP 009F7250 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 009F2160 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009F20A0 .text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[340] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009F23A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[440] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C96390 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C96640 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C953D0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C95300 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C911C0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C91290 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C92570 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C91000 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C910A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C92510 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C92160 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C920A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C923A0 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C91D10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[484] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C97250 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02296390 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02296640 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 022953D0 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02295300 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 022911C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02291290 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02292570 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02291000 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 022910A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02292510 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02291D10 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] WS2_32.dll!send 71A54C27 5 Bytes JMP 02297250 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02292160 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 022920A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[492] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 022923A0 .text C:\Program Files\Intel\AMT\LMS.exe[520] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009F6390 .text C:\Program Files\Intel\AMT\LMS.exe[520] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009F6640 .text C:\Program Files\Intel\AMT\LMS.exe[520] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009F53D0 .text C:\Program Files\Intel\AMT\LMS.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009F5300 .text C:\Program Files\Intel\AMT\LMS.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F11C0 .text C:\Program Files\Intel\AMT\LMS.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009F1290 .text C:\Program Files\Intel\AMT\LMS.exe[520] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009F2570 .text C:\Program Files\Intel\AMT\LMS.exe[520] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009F1000 .text C:\Program Files\Intel\AMT\LMS.exe[520] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009F10A0 .text C:\Program Files\Intel\AMT\LMS.exe[520] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009F2510 .text C:\Program Files\Intel\AMT\LMS.exe[520] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009F1D10 .text C:\Program Files\Intel\AMT\LMS.exe[520] WS2_32.dll!send 71A54C27 5 Bytes JMP 009F7250 .text C:\Program Files\Intel\AMT\LMS.exe[520] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 009F2160 .text C:\Program Files\Intel\AMT\LMS.exe[520] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009F20A0 .text C:\Program Files\Intel\AMT\LMS.exe[520] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009F23A0 .text C:\WINDOWS\system32\rundll32.exe[664] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01EE6390 .text C:\WINDOWS\system32\rundll32.exe[664] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01EE6640 .text C:\WINDOWS\system32\rundll32.exe[664] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01EE53D0 .text C:\WINDOWS\system32\rundll32.exe[664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01EE5300 .text C:\WINDOWS\system32\rundll32.exe[664] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01EE11C0 .text C:\WINDOWS\system32\rundll32.exe[664] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01EE1290 .text C:\WINDOWS\system32\rundll32.exe[664] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01EE2570 .text C:\WINDOWS\system32\rundll32.exe[664] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01EE1000 .text C:\WINDOWS\system32\rundll32.exe[664] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01EE10A0 .text C:\WINDOWS\system32\rundll32.exe[664] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01EE2510 .text C:\WINDOWS\system32\rundll32.exe[664] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01EE1D10 .text C:\WINDOWS\system32\rundll32.exe[664] WS2_32.dll!send 71A54C27 5 Bytes JMP 01EE7250 .text C:\WINDOWS\system32\rundll32.exe[664] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01EE2160 .text C:\WINDOWS\system32\rundll32.exe[664] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01EE20A0 .text C:\WINDOWS\system32\rundll32.exe[664] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01EE23A0 .text C:\WINDOWS\system32\ctfmon.exe[676] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E66390 .text C:\WINDOWS\system32\ctfmon.exe[676] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E66640 .text C:\WINDOWS\system32\ctfmon.exe[676] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E653D0 .text C:\WINDOWS\system32\ctfmon.exe[676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E65300 .text C:\WINDOWS\system32\ctfmon.exe[676] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E611C0 .text C:\WINDOWS\system32\ctfmon.exe[676] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E61290 .text C:\WINDOWS\system32\ctfmon.exe[676] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E62570 .text C:\WINDOWS\system32\ctfmon.exe[676] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E61000 .text C:\WINDOWS\system32\ctfmon.exe[676] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E610A0 .text C:\WINDOWS\system32\ctfmon.exe[676] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E62510 .text C:\WINDOWS\system32\ctfmon.exe[676] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E61D10 .text C:\WINDOWS\system32\ctfmon.exe[676] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E67250 .text C:\WINDOWS\system32\ctfmon.exe[676] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00E62160 .text C:\WINDOWS\system32\ctfmon.exe[676] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00E620A0 .text C:\WINDOWS\system32\ctfmon.exe[676] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00E623A0 .text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 014E6390 .text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 014E6640 .text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 014E53D0 .text C:\WINDOWS\system32\csrss.exe[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 014E5300 .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 014E11C0 .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 014E1290 .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!MoveFileW 7C821261 5 Bytes JMP 014E2570 .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CopyFileA 7C8286EE 5 Bytes JMP 014E1000 .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!CopyFileW 7C82F87B 5 Bytes JMP 014E10A0 .text C:\WINDOWS\system32\csrss.exe[716] KERNEL32.dll!MoveFileA 7C835EBF 5 Bytes JMP 014E2510 .text C:\WINDOWS\system32\csrss.exe[716] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 014E1D10 .text C:\WINDOWS\system32\csrss.exe[716] WS2_32.dll!send 71A54C27 5 Bytes JMP 014E7250 .text C:\WINDOWS\system32\csrss.exe[716] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 014E2160 .text C:\WINDOWS\system32\csrss.exe[716] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 014E20A0 .text C:\WINDOWS\system32\csrss.exe[716] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 014E23A0 .text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 016C6390 .text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 016C6640 .text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 016C53D0 .text C:\WINDOWS\system32\winlogon.exe[752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016C5300 .text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 016C11C0 .text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 016C1290 .text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 016C2570 .text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 016C1000 .text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 016C10A0 .text C:\WINDOWS\system32\winlogon.exe[752] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 016C2510 .text C:\WINDOWS\system32\winlogon.exe[752] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 016C1D10 .text C:\WINDOWS\system32\winlogon.exe[752] WS2_32.dll!send 71A54C27 5 Bytes JMP 016C7250 .text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 016C2160 .text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 016C20A0 .text C:\WINDOWS\system32\winlogon.exe[752] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 016C23A0 .text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A76390 .text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A76640 .text C:\WINDOWS\system32\services.exe[796] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A753D0 .text C:\WINDOWS\system32\services.exe[796] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A75300 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A711C0 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A71290 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A72570 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A71000 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A710A0 .text C:\WINDOWS\system32\services.exe[796] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A72510 .text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A71D10 .text C:\WINDOWS\system32\services.exe[796] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A77250 .text C:\WINDOWS\system32\services.exe[796] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A72160 .text C:\WINDOWS\system32\services.exe[796] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A720A0 .text C:\WINDOWS\system32\services.exe[796] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A723A0 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 03B06390 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 03B06640 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 03B053D0 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 03B05300 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03B011C0 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 03B01290 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 03B02570 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 03B01000 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 03B010A0 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 03B02510 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03B01D10 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] WS2_32.dll!send 71A54C27 5 Bytes JMP 03B07250 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 03B02160 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 03B020A0 .text C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe[868] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 03B023A0 .text C:\WINDOWS\system32\Ati2evxx.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00E46390 .text C:\WINDOWS\system32\Ati2evxx.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00E46640 .text C:\WINDOWS\system32\Ati2evxx.exe[980] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00E453D0 .text C:\WINDOWS\system32\Ati2evxx.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00E45300 .text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E411C0 .text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E41290 .text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00E42570 .text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00E41000 .text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00E410A0 .text C:\WINDOWS\system32\Ati2evxx.exe[980] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00E42510 .text C:\WINDOWS\system32\Ati2evxx.exe[980] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E41D10 .text C:\WINDOWS\system32\Ati2evxx.exe[980] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E47250 .text C:\WINDOWS\system32\Ati2evxx.exe[980] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00E42160 .text C:\WINDOWS\system32\Ati2evxx.exe[980] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00E420A0 .text C:\WINDOWS\system32\Ati2evxx.exe[980] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00E423A0 .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02456390 .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02456640 .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 024553D0 .text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02455300 .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024511C0 .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02451290 .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02452570 .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02451000 .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 024510A0 .text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02452510 .text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02451D10 .text C:\WINDOWS\system32\svchost.exe[1000] WS2_32.dll!send 71A54C27 5 Bytes JMP 02457250 .text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02452160 .text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 024520A0 .text C:\WINDOWS\system32\svchost.exe[1000] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 024523A0 .text C:\WINDOWS\notepad.exe[1040] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009C1618 .text C:\WINDOWS\notepad.exe[1040] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009C1695 .text C:\WINDOWS\notepad.exe[1040] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009C179E .text C:\WINDOWS\system32\HPZipm12.exe[1056] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 008B6390 .text C:\WINDOWS\system32\HPZipm12.exe[1056] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 008B6640 .text C:\WINDOWS\system32\HPZipm12.exe[1056] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 008B53D0 .text C:\WINDOWS\system32\HPZipm12.exe[1056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 008B5300 .text C:\WINDOWS\system32\HPZipm12.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008B11C0 .text C:\WINDOWS\system32\HPZipm12.exe[1056] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 008B1290 .text C:\WINDOWS\system32\HPZipm12.exe[1056] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 008B2570 .text C:\WINDOWS\system32\HPZipm12.exe[1056] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 008B1000 .text C:\WINDOWS\system32\HPZipm12.exe[1056] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 008B10A0 .text C:\WINDOWS\system32\HPZipm12.exe[1056] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 008B2510 .text C:\WINDOWS\system32\HPZipm12.exe[1056] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 008B1D10 .text C:\WINDOWS\system32\HPZipm12.exe[1056] WS2_32.dll!send 71A54C27 5 Bytes JMP 008B7250 .text C:\WINDOWS\system32\HPZipm12.exe[1056] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 008B2160 .text C:\WINDOWS\system32\HPZipm12.exe[1056] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 008B20A0 .text C:\WINDOWS\system32\HPZipm12.exe[1056] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 008B23A0 .text C:\Program Files\Intel\AMT\atchk.exe[1068] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00B56390 .text C:\Program Files\Intel\AMT\atchk.exe[1068] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00B56640 .text C:\Program Files\Intel\AMT\atchk.exe[1068] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00B553D0 .text C:\Program Files\Intel\AMT\atchk.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00B55300 .text C:\Program Files\Intel\AMT\atchk.exe[1068] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B511C0 .text C:\Program Files\Intel\AMT\atchk.exe[1068] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B51290 .text C:\Program Files\Intel\AMT\atchk.exe[1068] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00B52570 .text C:\Program Files\Intel\AMT\atchk.exe[1068] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00B51000 .text C:\Program Files\Intel\AMT\atchk.exe[1068] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00B510A0 .text C:\Program Files\Intel\AMT\atchk.exe[1068] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00B52510 .text C:\Program Files\Intel\AMT\atchk.exe[1068] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B51D10 .text C:\Program Files\Intel\AMT\atchk.exe[1068] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B57250 .text C:\Program Files\Intel\AMT\atchk.exe[1068] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00B52160 .text C:\Program Files\Intel\AMT\atchk.exe[1068] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00B520A0 .text C:\Program Files\Intel\AMT\atchk.exe[1068] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00B523A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01CA6390 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01CA6640 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01CA53D0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01CA5300 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01CA11C0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01CA1290 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01CA2570 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01CA1000 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01CA10A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01CA2510 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01CA2160 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01CA20A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01CA23A0 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01CA1D10 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1092] ws2_32.dll!send 71A54C27 5 Bytes JMP 01CA7250 .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00BE6390 .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00BE6640 .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00BE53D0 .text C:\WINDOWS\system32\svchost.exe[1116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00BE5300 .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE11C0 .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE1290 .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00BE2570 .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00BE1000 .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00BE10A0 .text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00BE2510 .text C:\WINDOWS\system32\svchost.exe[1116] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BE1D10 .text C:\WINDOWS\system32\svchost.exe[1116] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BE7250 .text C:\WINDOWS\system32\svchost.exe[1116] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00BE2160 .text C:\WINDOWS\system32\svchost.exe[1116] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00BE20A0 .text C:\WINDOWS\system32\svchost.exe[1116] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00BE23A0 .text d:\Moje dokumenty\Downloads\OTL.exe[1152] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00151618 .text d:\Moje dokumenty\Downloads\OTL.exe[1152] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00151695 .text d:\Moje dokumenty\Downloads\OTL.exe[1152] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0015179E .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 02E06390 .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 02E06640 .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 02E053D0 .text C:\WINDOWS\System32\svchost.exe[1212] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 02E05300 .text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E011C0 .text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E01290 .text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 02E02570 .text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 02E01000 .text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 02E010A0 .text C:\WINDOWS\System32\svchost.exe[1212] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 02E02510 .text C:\WINDOWS\System32\svchost.exe[1212] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02E01D10 .text C:\WINDOWS\System32\svchost.exe[1212] WS2_32.dll!send 71A54C27 5 Bytes JMP 02E07250 .text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 02E02160 .text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 02E020A0 .text C:\WINDOWS\System32\svchost.exe[1212] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 02E023A0 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00A36390 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00A36640 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00A353D0 .text C:\WINDOWS\system32\svchost.exe[1248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A35300 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A311C0 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A31290 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00A32570 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00A31000 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00A310A0 .text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00A32510 .text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A31D10 .text C:\WINDOWS\system32\svchost.exe[1248] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A37250 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00A32160 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00A320A0 .text C:\WINDOWS\system32\svchost.exe[1248] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00A323A0 .text C:\WINDOWS\notepad.exe[1264] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 000A1618 .text C:\WINDOWS\notepad.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 000A1695 .text C:\WINDOWS\notepad.exe[1264] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 000A179E .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00C16390 .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00C16640 .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00C153D0 .text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00C15300 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C111C0 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C11290 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00C12570 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00C11000 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00C110A0 .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00C12510 .text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C11D10 .text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C17250 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00C12160 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00C120A0 .text C:\WINDOWS\system32\svchost.exe[1336] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00C123A0 .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00976390 .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00976640 .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009753D0 .text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00975300 .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009711C0 .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00971290 .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00972570 .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00971000 .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009710A0 .text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00972510 .text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00971D10 .text C:\WINDOWS\system32\svchost.exe[1352] WS2_32.dll!send 71A54C27 5 Bytes JMP 00977250 .text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00972160 .text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009720A0 .text C:\WINDOWS\system32\svchost.exe[1352] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009723A0 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00956390 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00956640 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009553D0 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00955300 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009511C0 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00951290 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00952570 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00951000 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009510A0 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00952510 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00951D10 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] WS2_32.dll!send 71A54C27 5 Bytes JMP 00957250 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00952160 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009520A0 .text C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe[1392] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009523A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01C46390 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01C46640 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 01C453D0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01C45300 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01C411C0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01C41290 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01C42570 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01C41000 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 01C410A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01C42510 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01C41D10 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] WS2_32.dll!send 71A54C27 5 Bytes JMP 01C47250 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01C42160 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 01C420A0 .text C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[1404] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 01C423A0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 003B6390 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003B6640 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003B53D0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003B5300 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 003B11C0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 003B1290 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 003B2570 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 003B1000 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 003B10A0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 003B2510 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 003B1D10 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] WS2_32.dll!send 71A54C27 5 Bytes JMP 003B7250 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 003B2160 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 003B20A0 .text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[1432] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 003B23A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 013E6390 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 013E6640 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 013E53D0 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 013E5300 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013E11C0 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 013E1290 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 013E2570 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 013E1000 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 013E10A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 013E2510 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013E1D10 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] WS2_32.dll!send 71A54C27 5 Bytes JMP 013E7250 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 013E2160 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 013E20A0 .text C:\WINDOWS\system32\Ati2evxx.exe[1472] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 013E23A0 .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00CC6390 .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00CC6640 .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00CC53D0 .text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00CC5300 .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CC11C0 .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CC1290 .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00CC2570 .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00CC1000 .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00CC10A0 .text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00CC2510 .text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00CC1D10 .text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!send 71A54C27 5 Bytes JMP 00CC7250 .text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00CC2160 .text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00CC20A0 .text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00CC23A0 .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01546390 .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01546640 .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 015453D0 .text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01545300 .text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015411C0 .text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01541290 .text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 01542570 .text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 01541000 .text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 015410A0 .text C:\WINDOWS\system32\spoolsv.exe[1668] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 01542510 .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01541D10 .text C:\WINDOWS\system32\spoolsv.exe[1668] WS2_32.dll!send 71A54C27 5 Bytes JMP 01547250 .text C:\WINDOWS\system32\spoolsv.exe[1668] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 01542160 .text C:\WINDOWS\system32\spoolsv.exe[1668] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 015420A0 .text C:\WINDOWS\system32\spoolsv.exe[1668] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 015423A0 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 0C056390 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 0C056640 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0C0553D0 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0C055300 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0C0511C0 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0C051290 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[1728] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 0C052570 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 0C051000 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 0C0510A0 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 0C052510 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 0C051D10 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] WS2_32.dll!send 71A54C27 5 Bytes JMP 0C057250 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 0C052160 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 0C0520A0 .text C:\WINDOWS\system32\SearchIndexer.exe[1728] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 0C0523A0 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 012D6390 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 012D6640 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 012D53D0 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 012D5300 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012D11C0 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 012D1290 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 012D2570 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 012D1000 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 012D10A0 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 012D2510 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012D1D10 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] WS2_32.dll!send 71A54C27 5 Bytes JMP 012D7250 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 012D2160 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 012D20A0 .text C:\Program Files\DAEMON Tools Lite\DTLite.exe[2080] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 012D23A0 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01321618 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91131A .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91138B .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01321695 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9114B9 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0132179E .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 3D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text d:\Moje dokumenty\Downloads\jcx4ylyu.exe[2252] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00151618 .text d:\Moje dokumenty\Downloads\jcx4ylyu.exe[2252] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00151695 .text d:\Moje dokumenty\Downloads\jcx4ylyu.exe[2252] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0015179E .text C:\WINDOWS\system32\wuauclt.exe[2520] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 009A6390 .text C:\WINDOWS\system32\wuauclt.exe[2520] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 009A6640 .text C:\WINDOWS\system32\wuauclt.exe[2520] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 009A53D0 .text C:\WINDOWS\system32\wuauclt.exe[2520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 009A5300 .text C:\WINDOWS\system32\wuauclt.exe[2520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009A11C0 .text C:\WINDOWS\system32\wuauclt.exe[2520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009A1290 .text C:\WINDOWS\system32\wuauclt.exe[2520] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 009A2570 .text C:\WINDOWS\system32\wuauclt.exe[2520] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 009A1000 .text C:\WINDOWS\system32\wuauclt.exe[2520] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 009A10A0 .text C:\WINDOWS\system32\wuauclt.exe[2520] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 009A2510 .text C:\WINDOWS\system32\wuauclt.exe[2520] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009A1D10 .text C:\WINDOWS\system32\wuauclt.exe[2520] ws2_32.dll!send 71A54C27 5 Bytes JMP 009A7250 .text C:\WINDOWS\system32\wuauclt.exe[2520] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 009A2160 .text C:\WINDOWS\system32\wuauclt.exe[2520] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 009A20A0 .text C:\WINDOWS\system32\wuauclt.exe[2520] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 009A23A0 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00166390 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00166640 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001653D0 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00165300 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00162160 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 001620A0 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2540] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 001623A0 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 01211618 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91031A .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91038B .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 01211695 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9104B9 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0121179E .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 2D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\WINDOWS\System32\alg.exe[3200] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00AB6390 .text C:\WINDOWS\System32\alg.exe[3200] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00AB6640 .text C:\WINDOWS\System32\alg.exe[3200] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00AB53D0 .text C:\WINDOWS\System32\alg.exe[3200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00AB5300 .text C:\WINDOWS\System32\alg.exe[3200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AB11C0 .text C:\WINDOWS\System32\alg.exe[3200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AB1290 .text C:\WINDOWS\System32\alg.exe[3200] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00AB2570 .text C:\WINDOWS\System32\alg.exe[3200] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00AB1000 .text C:\WINDOWS\System32\alg.exe[3200] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00AB10A0 .text C:\WINDOWS\System32\alg.exe[3200] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00AB2510 .text C:\WINDOWS\System32\alg.exe[3200] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AB1D10 .text C:\WINDOWS\System32\alg.exe[3200] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AB7250 .text C:\WINDOWS\System32\alg.exe[3200] WININET.dll!HttpSendRequestW 3FD0FACE 5 Bytes JMP 00AB2160 .text C:\WINDOWS\System32\alg.exe[3200] WININET.dll!HttpSendRequestA 3FD1EEA1 5 Bytes JMP 00AB20A0 .text C:\WINDOWS\System32\alg.exe[3200] WININET.dll!InternetWriteFile 3FD66116 5 Bytes JMP 00AB23A0 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 001E1618 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F31A .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F38B .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 001E1695 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F4B9 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 001E179E .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 1D, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 28, 00] {SUB [EAX], AL; SUB [EAX], AL} .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00DF1618 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 28, 00] {SUB [EBX], AL; SUB [EAX], AL} .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 28, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 28, 00] {TEST AL, 0x1; SUB [EAX], AL} .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90FE1A .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 28, 00] {TEST AL, 0x2; SUB [EAX], AL} .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 28, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 28, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90FE8B .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 28, 00] {TEST AL, 0x0; SUB [EAX], AL} .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00DF1695 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90FFB9 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 00DF179E .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 28, 00] {SUB [ECX], AL; SUB [EAX], AL} .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 28, 00] {SUB [EDX], AL; SUB [EAX], AL} .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 28, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 003C1618 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 003C1695 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 003C179E .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtEnumerateValueKey 7C90D2EE 5 Bytes JMP 00151618 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00151695 .text C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3924] ntdll.dll!NtResumeThread 7C90DB3E 5 Bytes JMP 0015179E ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[300] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010 IAT C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2136] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00680010 IAT C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3072] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00580010 IAT C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3680] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00580010 IAT C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003F0010 IAT C:\Documents and Settings\jaraczk\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET) AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run@12213 C:\DOCUME~1\ALLUSE~1\LOCALS~1\Temp\mskagpa.com Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2012-07-16 22:59:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastError 0 ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\All Users\Local Settings\Temp\mskagpa.com 94208 bytes executable ---- EOF - GMER 1.0.15 ----