GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-06 22:11:22 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.CH 0,00MB Running: b6uzjr5u.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\agdirpog.sys ---- System - GMER 2.1 ---- Code \??\C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 2.1 ---- ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ? C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\catchme.sys System nie może odnaleźć określonej ścieżki. ! LCODE C:\WINDOWS\system32\DRIVERS\pcx500.sys entry point in "LCODE" section [0x9618F7A8] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\csrss.exe[516] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01556390 .text C:\WINDOWS\system32\csrss.exe[516] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01556640 .text C:\WINDOWS\system32\csrss.exe[516] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 015553D0 .text C:\WINDOWS\system32\csrss.exe[516] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01555300 .text C:\WINDOWS\system32\csrss.exe[516] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 015511C0 .text C:\WINDOWS\system32\csrss.exe[516] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01551290 .text C:\WINDOWS\system32\csrss.exe[516] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 01552570 .text C:\WINDOWS\system32\csrss.exe[516] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01551000 .text C:\WINDOWS\system32\csrss.exe[516] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 015510A0 .text C:\WINDOWS\system32\csrss.exe[516] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01552510 .text C:\WINDOWS\system32\csrss.exe[516] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01551D10 .text C:\WINDOWS\system32\csrss.exe[516] WS2_32.dll!send 71A54C27 5 Bytes JMP 01557250 .text C:\WINDOWS\system32\csrss.exe[516] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01552160 .text C:\WINDOWS\system32\csrss.exe[516] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 015520A0 .text C:\WINDOWS\system32\csrss.exe[516] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 015523A0 .text C:\WINDOWS\system32\winlogon.exe[540] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02346390 .text C:\WINDOWS\system32\winlogon.exe[540] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02346640 .text C:\WINDOWS\system32\winlogon.exe[540] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 023453D0 .text C:\WINDOWS\system32\winlogon.exe[540] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02345300 .text C:\WINDOWS\system32\winlogon.exe[540] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 023411C0 .text C:\WINDOWS\system32\winlogon.exe[540] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02341290 .text C:\WINDOWS\system32\winlogon.exe[540] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02342570 .text C:\WINDOWS\system32\winlogon.exe[540] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02341000 .text C:\WINDOWS\system32\winlogon.exe[540] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 023410A0 .text C:\WINDOWS\system32\winlogon.exe[540] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02342510 .text C:\WINDOWS\system32\winlogon.exe[540] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02341D10 .text C:\WINDOWS\system32\winlogon.exe[540] WS2_32.dll!send 71A54C27 5 Bytes JMP 02347250 .text C:\WINDOWS\system32\winlogon.exe[540] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02342160 .text C:\WINDOWS\system32\winlogon.exe[540] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 023420A0 .text C:\WINDOWS\system32\winlogon.exe[540] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 023423A0 .text C:\WINDOWS\system32\services.exe[584] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01266390 .text C:\WINDOWS\system32\services.exe[584] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01266640 .text C:\WINDOWS\system32\services.exe[584] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 012653D0 .text C:\WINDOWS\system32\services.exe[584] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01265300 .text C:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012611C0 .text C:\WINDOWS\system32\services.exe[584] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01261290 .text C:\WINDOWS\system32\services.exe[584] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01262570 .text C:\WINDOWS\system32\services.exe[584] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01261000 .text C:\WINDOWS\system32\services.exe[584] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 012610A0 .text C:\WINDOWS\system32\services.exe[584] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01262510 .text C:\WINDOWS\system32\services.exe[584] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01261D10 .text C:\WINDOWS\system32\services.exe[584] WS2_32.dll!send 71A54C27 5 Bytes JMP 01267250 .text C:\WINDOWS\system32\services.exe[584] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01262160 .text C:\WINDOWS\system32\services.exe[584] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 012620A0 .text C:\WINDOWS\system32\services.exe[584] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 012623A0 .text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B76390 .text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B76640 .text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B753D0 .text C:\WINDOWS\system32\svchost.exe[748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B75300 .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B711C0 .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B71290 .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B72570 .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B71000 .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B710A0 .text C:\WINDOWS\system32\svchost.exe[748] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B72510 .text C:\WINDOWS\system32\svchost.exe[748] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B71D10 .text C:\WINDOWS\system32\svchost.exe[748] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B77250 .text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00B72160 .text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00B720A0 .text C:\WINDOWS\system32\svchost.exe[748] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00B723A0 .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00D56390 .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D56640 .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D553D0 .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D55300 .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D511C0 .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D51290 .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00D52570 .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00D51000 .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00D510A0 .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00D52510 .text C:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D51D10 .text C:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D57250 .text C:\WINDOWS\system32\svchost.exe[828] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D52160 .text C:\WINDOWS\system32\svchost.exe[828] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D520A0 .text C:\WINDOWS\system32\svchost.exe[828] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00D523A0 .text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 034E6390 .text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 034E6640 .text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 034E53D0 .text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 034E5300 .text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 034E11C0 .text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 034E1290 .text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 034E2570 .text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 034E1000 .text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 034E10A0 .text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 034E2510 .text C:\WINDOWS\System32\svchost.exe[868] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 034E1D10 .text C:\WINDOWS\System32\svchost.exe[868] WS2_32.dll!send 71A54C27 5 Bytes JMP 034E7250 .text C:\WINDOWS\System32\svchost.exe[868] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 034E2160 .text C:\WINDOWS\System32\svchost.exe[868] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 034E20A0 .text C:\WINDOWS\System32\svchost.exe[868] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 034E23A0 .text C:\WINDOWS\KMService.exe[896] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00156390 .text C:\WINDOWS\KMService.exe[896] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156640 .text C:\WINDOWS\KMService.exe[896] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001553D0 .text C:\WINDOWS\KMService.exe[896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00155300 .text C:\WINDOWS\KMService.exe[896] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0 .text C:\WINDOWS\KMService.exe[896] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00151290 .text C:\WINDOWS\KMService.exe[896] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00152570 .text C:\WINDOWS\KMService.exe[896] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00151000 .text C:\WINDOWS\KMService.exe[896] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001510A0 .text C:\WINDOWS\KMService.exe[896] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00152510 .text C:\WINDOWS\KMService.exe[896] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text C:\WINDOWS\KMService.exe[896] WS2_32.dll!send 71A54C27 5 Bytes JMP 00157250 .text C:\WINDOWS\KMService.exe[896] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00152160 .text C:\WINDOWS\KMService.exe[896] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001520A0 .text C:\WINDOWS\KMService.exe[896] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001523A0 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A56390 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A56640 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A553D0 .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A55300 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A51290 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A52570 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A51000 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A510A0 .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A52510 .text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text C:\WINDOWS\system32\svchost.exe[908] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A57250 .text C:\WINDOWS\system32\svchost.exe[908] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A52160 .text C:\WINDOWS\system32\svchost.exe[908] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A520A0 .text C:\WINDOWS\system32\svchost.exe[908] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00A523A0 .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00836390 .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00836640 .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 008353D0 .text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00835300 .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008311C0 .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00831290 .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00832570 .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00831000 .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 008310A0 .text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00832510 .text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00831D10 .text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!send 71A54C27 5 Bytes JMP 00837250 .text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00832160 .text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 008320A0 .text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 008323A0 .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01106390 .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01106640 .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011053D0 .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01105300 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011011C0 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01101290 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01102570 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01101000 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011010A0 .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01102510 .text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01101D10 .text C:\WINDOWS\system32\svchost.exe[988] WS2_32.dll!send 71A54C27 5 Bytes JMP 01107250 .text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01102160 .text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011020A0 .text C:\WINDOWS\system32\svchost.exe[988] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011023A0 .text C:\WINDOWS\system32\spoolsv.exe[1124] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00F86390 .text C:\WINDOWS\system32\spoolsv.exe[1124] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F86640 .text C:\WINDOWS\system32\spoolsv.exe[1124] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F853D0 .text C:\WINDOWS\system32\spoolsv.exe[1124] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F85300 .text C:\WINDOWS\system32\spoolsv.exe[1124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F811C0 .text C:\WINDOWS\system32\spoolsv.exe[1124] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F81290 .text C:\WINDOWS\system32\spoolsv.exe[1124] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00F82570 .text C:\WINDOWS\system32\spoolsv.exe[1124] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00F81000 .text C:\WINDOWS\system32\spoolsv.exe[1124] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00F810A0 .text C:\WINDOWS\system32\spoolsv.exe[1124] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00F82510 .text C:\WINDOWS\system32\spoolsv.exe[1124] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F81D10 .text C:\WINDOWS\system32\spoolsv.exe[1124] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F87250 .text C:\WINDOWS\system32\spoolsv.exe[1124] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00F82160 .text C:\WINDOWS\system32\spoolsv.exe[1124] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00F820A0 .text C:\WINDOWS\system32\spoolsv.exe[1124] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00F823A0 .text C:\WINDOWS\System32\SCardSvr.exe[1164] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00786390 .text C:\WINDOWS\System32\SCardSvr.exe[1164] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00786640 .text C:\WINDOWS\System32\SCardSvr.exe[1164] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007853D0 .text C:\WINDOWS\System32\SCardSvr.exe[1164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00785300 .text C:\WINDOWS\System32\SCardSvr.exe[1164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007811C0 .text C:\WINDOWS\System32\SCardSvr.exe[1164] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00781290 .text C:\WINDOWS\System32\SCardSvr.exe[1164] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00782570 .text C:\WINDOWS\System32\SCardSvr.exe[1164] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00781000 .text C:\WINDOWS\System32\SCardSvr.exe[1164] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007810A0 .text C:\WINDOWS\System32\SCardSvr.exe[1164] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00782510 .text C:\WINDOWS\System32\SCardSvr.exe[1164] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00781D10 .text C:\WINDOWS\System32\SCardSvr.exe[1164] WS2_32.dll!send 71A54C27 5 Bytes JMP 00787250 .text C:\WINDOWS\System32\SCardSvr.exe[1164] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00782160 .text C:\WINDOWS\System32\SCardSvr.exe[1164] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007820A0 .text C:\WINDOWS\System32\SCardSvr.exe[1164] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007823A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01266390 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01266640 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 012653D0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01265300 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012611C0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01261290 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01262570 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01261000 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 012610A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01262510 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01261D10 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] WS2_32.dll!send 71A54C27 5 Bytes JMP 01267250 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01262160 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 012620A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1184] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 012623A0 .text C:\WINDOWS\System32\alg.exe[1204] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\alg.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\alg.exe[1204] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\alg.exe[1204] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\alg.exe[1204] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[1204] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\alg.exe[1204] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\alg.exe[1204] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[1204] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[1204] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\alg.exe[1204] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\alg.exe[1204] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\alg.exe[1204] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\System32\alg.exe[1204] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\alg.exe[1204] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 011B6390 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 011B6640 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011B53D0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011B5300 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011B11C0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011B1290 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 011B2570 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 011B1000 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011B10A0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 011B2510 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011B1D10 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] WS2_32.dll!send 71A54C27 5 Bytes JMP 011B7250 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011B2160 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011B20A0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[1264] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011B23A0 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 03146390 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 03146640 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 031453D0 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 03145300 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 031411C0 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03141290 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 03142570 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 03141000 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 031410A0 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 03142510 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03141D10 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] WS2_32.dll!send 71A54C27 5 Bytes JMP 03147250 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 03142160 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 031420A0 .text C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe[1332] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 031423A0 .text C:\WINDOWS\system32\ctfmon.exe[1448] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000B6390 .text C:\WINDOWS\system32\ctfmon.exe[1448] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000B6640 .text C:\WINDOWS\system32\ctfmon.exe[1448] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000B53D0 .text C:\WINDOWS\system32\ctfmon.exe[1448] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000B5300 .text C:\WINDOWS\system32\ctfmon.exe[1448] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\ctfmon.exe[1448] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000B1290 .text C:\WINDOWS\system32\ctfmon.exe[1448] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000B2570 .text C:\WINDOWS\system32\ctfmon.exe[1448] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000B1000 .text C:\WINDOWS\system32\ctfmon.exe[1448] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000B10A0 .text C:\WINDOWS\system32\ctfmon.exe[1448] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000B2510 .text C:\WINDOWS\system32\ctfmon.exe[1448] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\system32\ctfmon.exe[1448] WS2_32.dll!send 71A54C27 5 Bytes JMP 000B7250 .text C:\WINDOWS\system32\ctfmon.exe[1448] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000B2160 .text C:\WINDOWS\system32\ctfmon.exe[1448] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000B20A0 .text C:\WINDOWS\system32\ctfmon.exe[1448] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000B23A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02276390 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02276640 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 022753D0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02275300 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 022711C0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02271290 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02272570 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02271000 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 022710A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02272510 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02271D10 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] WS2_32.dll!send 71A54C27 5 Bytes JMP 02277250 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02272160 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 022720A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[1500] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 022723A0 .text C:\Program Files\Intel\AMT\LMS.exe[1744] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01816390 .text C:\Program Files\Intel\AMT\LMS.exe[1744] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01816640 .text C:\Program Files\Intel\AMT\LMS.exe[1744] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 018153D0 .text C:\Program Files\Intel\AMT\LMS.exe[1744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01815300 .text C:\Program Files\Intel\AMT\LMS.exe[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018111C0 .text C:\Program Files\Intel\AMT\LMS.exe[1744] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01811290 .text C:\Program Files\Intel\AMT\LMS.exe[1744] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01812570 .text C:\Program Files\Intel\AMT\LMS.exe[1744] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01811000 .text C:\Program Files\Intel\AMT\LMS.exe[1744] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 018110A0 .text C:\Program Files\Intel\AMT\LMS.exe[1744] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01812510 .text C:\Program Files\Intel\AMT\LMS.exe[1744] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01811D10 .text C:\Program Files\Intel\AMT\LMS.exe[1744] WS2_32.dll!send 71A54C27 5 Bytes JMP 01817250 .text C:\Program Files\Intel\AMT\LMS.exe[1744] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01812160 .text C:\Program Files\Intel\AMT\LMS.exe[1744] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 018120A0 .text C:\Program Files\Intel\AMT\LMS.exe[1744] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 018123A0 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01126390 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01126640 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011253D0 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01125300 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011211C0 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01121290 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01122570 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01121000 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011210A0 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01122510 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01121D10 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] WS2_32.dll!send 71A54C27 5 Bytes JMP 01127250 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01122160 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011220A0 .text C:\Program Files\PDF Complete\pdfsvc.exe[1816] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011223A0 .text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\svchost.exe[1992] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[1992] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\svchost.exe[1992] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\svchost.exe[1992] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\svchost.exe[1992] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\svchost.exe[1992] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\svchost.exe[1992] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 011D6390 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 011D6640 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011D53D0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011D5300 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011D11C0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011D1290 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 011D2570 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 011D1000 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011D10A0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 011D2510 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011D1D10 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] WS2_32.dll!send 71A54C27 5 Bytes JMP 011D7250 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011D2160 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011D20A0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[2028] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011D23A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[2084] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\hkcmd.exe[2164] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00FE6390 .text C:\WINDOWS\system32\hkcmd.exe[2164] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00FE6640 .text C:\WINDOWS\system32\hkcmd.exe[2164] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00FE53D0 .text C:\WINDOWS\system32\hkcmd.exe[2164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00FE5300 .text C:\WINDOWS\system32\hkcmd.exe[2164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE11C0 .text C:\WINDOWS\system32\hkcmd.exe[2164] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FE1290 .text C:\WINDOWS\system32\hkcmd.exe[2164] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00FE2570 .text C:\WINDOWS\system32\hkcmd.exe[2164] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00FE1000 .text C:\WINDOWS\system32\hkcmd.exe[2164] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00FE10A0 .text C:\WINDOWS\system32\hkcmd.exe[2164] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00FE2510 .text C:\WINDOWS\system32\hkcmd.exe[2164] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00FE1D10 .text C:\WINDOWS\system32\hkcmd.exe[2164] WS2_32.dll!send 71A54C27 5 Bytes JMP 00FE7250 .text C:\WINDOWS\system32\hkcmd.exe[2164] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00FE2160 .text C:\WINDOWS\system32\hkcmd.exe[2164] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00FE20A0 .text C:\WINDOWS\system32\hkcmd.exe[2164] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00FE23A0 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 012E6390 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 012E6640 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 012E53D0 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 012E5300 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 012E11C0 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 012E1290 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 012E2570 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 012E1000 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 012E10A0 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 012E2510 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012E1D10 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] WS2_32.dll!send 71A54C27 5 Bytes JMP 012E7250 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 012E2160 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 012E20A0 .text C:\WINDOWS\system32\igfxsrvc.exe[2188] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 012E23A0 .text C:\WINDOWS\system32\igfxpers.exe[2196] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00F06390 .text C:\WINDOWS\system32\igfxpers.exe[2196] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F06640 .text C:\WINDOWS\system32\igfxpers.exe[2196] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F053D0 .text C:\WINDOWS\system32\igfxpers.exe[2196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F05300 .text C:\WINDOWS\system32\igfxpers.exe[2196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F011C0 .text C:\WINDOWS\system32\igfxpers.exe[2196] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F01290 .text C:\WINDOWS\system32\igfxpers.exe[2196] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00F02570 .text C:\WINDOWS\system32\igfxpers.exe[2196] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00F01000 .text C:\WINDOWS\system32\igfxpers.exe[2196] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00F010A0 .text C:\WINDOWS\system32\igfxpers.exe[2196] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00F02510 .text C:\WINDOWS\system32\igfxpers.exe[2196] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F01D10 .text C:\WINDOWS\system32\igfxpers.exe[2196] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F07250 .text C:\WINDOWS\system32\igfxpers.exe[2196] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00F02160 .text C:\WINDOWS\system32\igfxpers.exe[2196] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00F020A0 .text C:\WINDOWS\system32\igfxpers.exe[2196] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00F023A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E16390 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E16640 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E153D0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E15300 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E111C0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E11290 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E12570 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E11000 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E110A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E12510 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E11D10 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E17250 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00E12160 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00E120A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[2232] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00E123A0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01176390 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01176640 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011753D0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01175300 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011711C0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01171290 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01172570 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01171000 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011710A0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01172510 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01171D10 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] WS2_32.dll!send 71A54C27 5 Bytes JMP 01177250 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01172160 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011720A0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[2316] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011723A0 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E06390 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E06640 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E053D0 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E05300 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E011C0 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E01290 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E02570 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E01000 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E010A0 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E02510 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 004170D0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 00417140 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00416FC0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 00416F10 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00417090 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00416F50 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00417000 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00416F80 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 00417040 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 00416ED0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[2352] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E01D10 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E07250 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00E02160 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00E020A0 .text C:\WINDOWS\SMINST\Scheduler.exe[2352] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00E023A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01A46390 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01A46640 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01A453D0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01A45300 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A411C0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01A41290 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01A42570 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01A41000 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01A410A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01A42510 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01A42160 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01A420A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 01A423A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A41D10 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[2412] ws2_32.dll!send 71A54C27 5 Bytes JMP 01A47250 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01746390 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01746640 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 017453D0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01745300 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017411C0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01741290 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01742570 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01741000 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 017410A0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01742510 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01741D10 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] WS2_32.dll!send 71A54C27 5 Bytes JMP 01747250 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01742160 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 017420A0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[2508] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 017423A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B96390 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B96640 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B953D0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B95300 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B911C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B91290 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B92570 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B91000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B910A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B92510 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00B92160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00B920A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00B923A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B91D10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2528] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B97250 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01846390 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01846640 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 018453D0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01845300 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018411C0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01841290 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01842570 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01841000 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 018410A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01842510 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01841D10 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] WS2_32.dll!send 71A54C27 5 Bytes JMP 01847250 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01842160 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 018420A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[2680] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 018423A0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00256390 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00256640 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 002553D0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00255300 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 002511C0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00251290 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00252570 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00251000 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 002510A0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00252510 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00252160 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 002520A0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 002523A0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] WS2_32.DLL!GetAddrInfoW 71A52899 5 Bytes JMP 00251D10 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\realsched[3016] WS2_32.DLL!send 71A54C27 5 Bytes JMP 00257250 .text C:\WINDOWS\explorer.exe[3088] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\explorer.exe[3088] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\explorer.exe[3088] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\explorer.exe[3088] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\explorer.exe[3088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\explorer.exe[3088] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\explorer.exe[3088] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\explorer.exe[3088] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\explorer.exe[3088] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\explorer.exe[3088] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\explorer.exe[3088] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\explorer.exe[3088] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\explorer.exe[3088] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\WINDOWS\explorer.exe[3088] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\explorer.exe[3088] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\WINDOWS\System32\r2c\mirc.exe[3196] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Program Files\Common Files\System\win32.exe[3252] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00156390 .text C:\Program Files\Common Files\System\win32.exe[3252] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156640 .text C:\Program Files\Common Files\System\win32.exe[3252] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001553D0 .text C:\Program Files\Common Files\System\win32.exe[3252] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00155300 .text C:\Program Files\Common Files\System\win32.exe[3252] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0 .text C:\Program Files\Common Files\System\win32.exe[3252] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00151290 .text C:\Program Files\Common Files\System\win32.exe[3252] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00152570 .text C:\Program Files\Common Files\System\win32.exe[3252] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00151000 .text C:\Program Files\Common Files\System\win32.exe[3252] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001510A0 .text C:\Program Files\Common Files\System\win32.exe[3252] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00152510 .text C:\Program Files\Common Files\System\win32.exe[3252] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text C:\Program Files\Common Files\System\win32.exe[3252] WS2_32.dll!send 71A54C27 5 Bytes JMP 00157250 .text C:\Program Files\Common Files\System\win32.exe[3252] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00152160 .text C:\Program Files\Common Files\System\win32.exe[3252] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001520A0 .text C:\Program Files\Common Files\System\win32.exe[3252] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001523A0 .text C:\WINDOWS\system32\srvany.exe[3312] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00096390 .text C:\WINDOWS\system32\srvany.exe[3312] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096640 .text C:\WINDOWS\system32\srvany.exe[3312] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000953D0 .text C:\WINDOWS\system32\srvany.exe[3312] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00095300 .text C:\WINDOWS\system32\srvany.exe[3312] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000911C0 .text C:\WINDOWS\system32\srvany.exe[3312] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00091290 .text C:\WINDOWS\system32\srvany.exe[3312] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00092570 .text C:\WINDOWS\system32\srvany.exe[3312] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00091000 .text C:\WINDOWS\system32\srvany.exe[3312] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000910A0 .text C:\WINDOWS\system32\srvany.exe[3312] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00092510 .text C:\WINDOWS\system32\srvany.exe[3312] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00091D10 .text C:\WINDOWS\system32\srvany.exe[3312] WS2_32.dll!send 71A54C27 5 Bytes JMP 00097250 .text C:\WINDOWS\system32\srvany.exe[3312] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00092160 .text C:\WINDOWS\system32\srvany.exe[3312] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000920A0 .text C:\WINDOWS\system32\srvany.exe[3312] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000923A0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\xblstat[3384] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\WINDOWS\System32\svchost.exe[3940] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\svchost.exe[3940] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\svchost.exe[3940] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\svchost.exe[3940] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\svchost.exe[3940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\svchost.exe[3940] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\svchost.exe[3940] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\svchost.exe[3940] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\svchost.exe[3940] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\svchost.exe[3940] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\svchost.exe[3940] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\svchost.exe[3940] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\svchost.exe[3940] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\System32\svchost.exe[3940] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\svchost.exe[3940] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4004] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wscntfy.exe[4048] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wscntfy.exe[4048] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wscntfy.exe[4048] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wscntfy.exe[4048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wscntfy.exe[4048] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wscntfy.exe[4048] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wscntfy.exe[4048] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wscntfy.exe[4048] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wscntfy.exe[4048] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wscntfy.exe[4048] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wscntfy.exe[4048] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wscntfy.exe[4048] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wscntfy.exe[4048] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wscntfy.exe[4048] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wscntfy.exe[4048] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Administrator\Dane aplikacji\Kflklu.exe ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Kflklu.reg.dat 161 bytes File C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\snd.htm 0 bytes File C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\Wav 0 bytes File C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\contents.htm 0 bytes File C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\wmploc.js 0 bytes ---- EOF - GMER 2.1 ----