GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-05-08 21:04:17 Windows 5.1.2600 Dodatek Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST316081 rev.3.CH 149,05GB Running: b6uzjr5u.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\agdirpog.sys ---- Kernel code sections - GMER 2.1 ---- LCODE C:\WINDOWS\system32\DRIVERS\pcx500.sys entry point in "LCODE" section [0xB8A067A8] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\wscntfy.exe[164] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wscntfy.exe[164] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wscntfy.exe[164] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wscntfy.exe[164] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wscntfy.exe[164] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wscntfy.exe[164] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wscntfy.exe[164] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wscntfy.exe[164] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wscntfy.exe[164] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wscntfy.exe[164] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wscntfy.exe[164] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wscntfy.exe[164] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wscntfy.exe[164] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wscntfy.exe[164] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wscntfy.exe[164] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\hkcmd.exe[200] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00FE6390 .text C:\WINDOWS\system32\hkcmd.exe[200] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00FE6640 .text C:\WINDOWS\system32\hkcmd.exe[200] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00FE53D0 .text C:\WINDOWS\system32\hkcmd.exe[200] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00FE5300 .text C:\WINDOWS\system32\hkcmd.exe[200] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE11C0 .text C:\WINDOWS\system32\hkcmd.exe[200] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FE1290 .text C:\WINDOWS\system32\hkcmd.exe[200] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00FE2570 .text C:\WINDOWS\system32\hkcmd.exe[200] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00FE1000 .text C:\WINDOWS\system32\hkcmd.exe[200] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00FE10A0 .text C:\WINDOWS\system32\hkcmd.exe[200] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00FE2510 .text C:\WINDOWS\system32\hkcmd.exe[200] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00FE1D10 .text C:\WINDOWS\system32\hkcmd.exe[200] WS2_32.dll!send 71A54C27 5 Bytes JMP 00FE7250 .text C:\WINDOWS\system32\hkcmd.exe[200] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00FE2160 .text C:\WINDOWS\system32\hkcmd.exe[200] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00FE20A0 .text C:\WINDOWS\system32\hkcmd.exe[200] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00FE23A0 .text C:\WINDOWS\system32\igfxpers.exe[216] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01006390 .text C:\WINDOWS\system32\igfxpers.exe[216] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01006640 .text C:\WINDOWS\system32\igfxpers.exe[216] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 010053D0 .text C:\WINDOWS\system32\igfxpers.exe[216] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01005300 .text C:\WINDOWS\system32\igfxpers.exe[216] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010011C0 .text C:\WINDOWS\system32\igfxpers.exe[216] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01001290 .text C:\WINDOWS\system32\igfxpers.exe[216] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01002570 .text C:\WINDOWS\system32\igfxpers.exe[216] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01001000 .text C:\WINDOWS\system32\igfxpers.exe[216] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 010010A0 .text C:\WINDOWS\system32\igfxpers.exe[216] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01002510 .text C:\WINDOWS\system32\igfxpers.exe[216] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01001D10 .text C:\WINDOWS\system32\igfxpers.exe[216] WS2_32.dll!send 71A54C27 5 Bytes JMP 01007250 .text C:\WINDOWS\system32\igfxpers.exe[216] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01002160 .text C:\WINDOWS\system32\igfxpers.exe[216] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 010020A0 .text C:\WINDOWS\system32\igfxpers.exe[216] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 010023A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E16390 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E16640 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E153D0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E15300 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E111C0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E11290 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E12570 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E11000 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E110A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E12510 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E11D10 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E17250 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00E12160 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00E120A0 .text C:\Program Files\Analog Devices\Core\smax4pnp.exe[224] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00E123A0 .text C:\WINDOWS\system32\igfxsrvc.exe[240] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 011E6390 .text C:\WINDOWS\system32\igfxsrvc.exe[240] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 011E6640 .text C:\WINDOWS\system32\igfxsrvc.exe[240] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011E53D0 .text C:\WINDOWS\system32\igfxsrvc.exe[240] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011E5300 .text C:\WINDOWS\system32\igfxsrvc.exe[240] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011E11C0 .text C:\WINDOWS\system32\igfxsrvc.exe[240] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011E1290 .text C:\WINDOWS\system32\igfxsrvc.exe[240] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 011E2570 .text C:\WINDOWS\system32\igfxsrvc.exe[240] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 011E1000 .text C:\WINDOWS\system32\igfxsrvc.exe[240] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011E10A0 .text C:\WINDOWS\system32\igfxsrvc.exe[240] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 011E2510 .text C:\WINDOWS\system32\igfxsrvc.exe[240] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011E1D10 .text C:\WINDOWS\system32\igfxsrvc.exe[240] WS2_32.dll!send 71A54C27 5 Bytes JMP 011E7250 .text C:\WINDOWS\system32\igfxsrvc.exe[240] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 011E2160 .text C:\WINDOWS\system32\igfxsrvc.exe[240] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011E20A0 .text C:\WINDOWS\system32\igfxsrvc.exe[240] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011E23A0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01186390 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01186640 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011853D0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01185300 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011811C0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01181290 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01182570 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01181000 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011810A0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01182510 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01181D10 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] WS2_32.dll!send 71A54C27 5 Bytes JMP 01187250 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01182160 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 011820A0 .text C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe[416] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 011823A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B4, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00596390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, B7, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B4, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B5, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B912CB0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, B6, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B5, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, B6, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B912D21 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B4, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00596640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912E4F .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 005953D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B5, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, B6, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, B7, 56, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00595300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00591D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] WS2_32.dll!send 71A54C27 5 Bytes JMP 00597250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00592160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 005920A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[444] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 005923A0 .text C:\WINDOWS\SMINST\Scheduler.exe[464] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E06390 .text C:\WINDOWS\SMINST\Scheduler.exe[464] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E06640 .text C:\WINDOWS\SMINST\Scheduler.exe[464] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E053D0 .text C:\WINDOWS\SMINST\Scheduler.exe[464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E05300 .text C:\WINDOWS\SMINST\Scheduler.exe[464] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E011C0 .text C:\WINDOWS\SMINST\Scheduler.exe[464] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E01290 .text C:\WINDOWS\SMINST\Scheduler.exe[464] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E02570 .text C:\WINDOWS\SMINST\Scheduler.exe[464] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E01000 .text C:\WINDOWS\SMINST\Scheduler.exe[464] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E010A0 .text C:\WINDOWS\SMINST\Scheduler.exe[464] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E02510 .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 004170D0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 00417140 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00416FC0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 00416F10 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00417090 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 00416F50 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00417000 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 00416F80 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 00417040 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 00416ED0 C:\WINDOWS\SMINST\Scheduler.exe .text C:\WINDOWS\SMINST\Scheduler.exe[464] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E01D10 .text C:\WINDOWS\SMINST\Scheduler.exe[464] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E07250 .text C:\WINDOWS\SMINST\Scheduler.exe[464] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00E02160 .text C:\WINDOWS\SMINST\Scheduler.exe[464] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00E020A0 .text C:\WINDOWS\SMINST\Scheduler.exe[464] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00E023A0 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00AB6390 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00AB6640 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00AB53D0 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AB5300 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AB11C0 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AB1290 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00AB2570 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00AB1000 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00AB10A0 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00AB2510 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AB1D10 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AB7250 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00AB2160 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00AB20A0 .text C:\Program Files\Cisco Systems\Aironet Client Monitor\ACUMon.Exe[476] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00AB23A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01A46390 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01A46640 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01A453D0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01A45300 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01A411C0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01A41290 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01A42570 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01A41000 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01A410A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01A42510 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01A42160 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01A420A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 01A423A0 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] ws2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01A41D10 .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[484] ws2_32.dll!send 71A54C27 5 Bytes JMP 01A47250 .text C:\WINDOWS\System32\alg.exe[504] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\alg.exe[504] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\alg.exe[504] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\alg.exe[504] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\alg.exe[504] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\alg.exe[504] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\alg.exe[504] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\alg.exe[504] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\alg.exe[504] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\alg.exe[504] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\alg.exe[504] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\alg.exe[504] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\alg.exe[504] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\System32\alg.exe[504] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\alg.exe[504] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01746390 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01746640 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 017453D0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01745300 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017411C0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01741290 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01742570 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01741000 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 017410A0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01742510 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01741D10 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] WS2_32.dll!send 71A54C27 5 Bytes JMP 01747250 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01742160 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 017420A0 .text C:\Program Files\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe[592] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 017423A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B96390 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B96640 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B953D0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B95300 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B911C0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B91290 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B92570 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B91000 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B910A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B92510 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00B92160 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00B920A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00B923A0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B91D10 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[660] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B97250 .text C:\WINDOWS\system32\csrss.exe[688] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 012F6390 .text C:\WINDOWS\system32\csrss.exe[688] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 012F6640 .text C:\WINDOWS\system32\csrss.exe[688] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 012F53D0 .text C:\WINDOWS\system32\csrss.exe[688] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 012F5300 .text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 012F11C0 .text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 012F1290 .text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 012F2570 .text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 012F1000 .text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 012F10A0 .text C:\WINDOWS\system32\csrss.exe[688] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 012F2510 .text C:\WINDOWS\system32\csrss.exe[688] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 012F1D10 .text C:\WINDOWS\system32\csrss.exe[688] WS2_32.dll!send 71A54C27 5 Bytes JMP 012F7250 .text C:\WINDOWS\system32\csrss.exe[688] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 012F2160 .text C:\WINDOWS\system32\csrss.exe[688] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 012F20A0 .text C:\WINDOWS\system32\csrss.exe[688] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 012F23A0 .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02286390 .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02286640 .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 022853D0 .text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02285300 .text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 022811C0 .text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02281290 .text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02282570 .text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02281000 .text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 022810A0 .text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02282510 .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02281D10 .text C:\WINDOWS\system32\winlogon.exe[712] WS2_32.dll!send 71A54C27 5 Bytes JMP 02287250 .text C:\WINDOWS\system32\winlogon.exe[712] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02282160 .text C:\WINDOWS\system32\winlogon.exe[712] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 022820A0 .text C:\WINDOWS\system32\winlogon.exe[712] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 022823A0 .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01026390 .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01026640 .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 010253D0 .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01025300 .text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010211C0 .text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01021290 .text C:\WINDOWS\system32\services.exe[756] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01022570 .text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01021000 .text C:\WINDOWS\system32\services.exe[756] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 010210A0 .text C:\WINDOWS\system32\services.exe[756] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01022510 .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01021D10 .text C:\WINDOWS\system32\services.exe[756] WS2_32.dll!send 71A54C27 5 Bytes JMP 01027250 .text C:\WINDOWS\system32\services.exe[756] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01022160 .text C:\WINDOWS\system32\services.exe[756] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 010220A0 .text C:\WINDOWS\system32\services.exe[756] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 010223A0 .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C36390 .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C36640 .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C353D0 .text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C35300 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C311C0 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C31290 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C32570 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C31000 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C310A0 .text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C32510 .text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C31D10 .text C:\WINDOWS\system32\svchost.exe[928] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C37250 .text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00C32160 .text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00C320A0 .text C:\WINDOWS\system32\svchost.exe[928] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00C323A0 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00D66390 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D66640 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D653D0 .text C:\WINDOWS\system32\svchost.exe[976] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D65300 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D611C0 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D61290 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00D62570 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00D61000 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00D610A0 .text C:\WINDOWS\system32\svchost.exe[976] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00D62510 .text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D61D10 .text C:\WINDOWS\system32\svchost.exe[976] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D67250 .text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00D62160 .text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00D620A0 .text C:\WINDOWS\system32\svchost.exe[976] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00D623A0 .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01ED6390 .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01ED6640 .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 01ED53D0 .text C:\WINDOWS\System32\svchost.exe[1016] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01ED5300 .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01ED11C0 .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01ED1290 .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01ED2570 .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01ED1000 .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 01ED10A0 .text C:\WINDOWS\System32\svchost.exe[1016] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01ED2510 .text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01ED1D10 .text C:\WINDOWS\System32\svchost.exe[1016] WS2_32.dll!send 71A54C27 5 Bytes JMP 01ED7250 .text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01ED2160 .text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 01ED20A0 .text C:\WINDOWS\System32\svchost.exe[1016] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 01ED23A0 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A56390 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A56640 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A553D0 .text C:\WINDOWS\system32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A55300 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A51290 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A52570 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A51000 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A510A0 .text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A52510 .text C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text C:\WINDOWS\system32\svchost.exe[1056] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A57250 .text C:\WINDOWS\system32\svchost.exe[1056] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A52160 .text C:\WINDOWS\system32\svchost.exe[1056] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A520A0 .text C:\WINDOWS\system32\svchost.exe[1056] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00A523A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01406390 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01406640 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 014053D0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01405300 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 014011C0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01401290 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01402570 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01401000 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 014010A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01402510 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01401D10 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] WS2_32.dll!send 71A54C27 5 Bytes JMP 01407250 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01402160 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 014020A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1116] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 014023A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02956390 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02956640 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 029553D0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02955300 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 029511C0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02951290 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02952570 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02951000 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 029510A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02952510 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 02952160 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 029520A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 029523A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02951D10 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Data\SpotifyWebHelper.exe[1128] WS2_32.dll!send 71A54C27 5 Bytes JMP 02957250 .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007E6390 .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007E6640 .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007E53D0 .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007E5300 .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007E11C0 .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007E1290 .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007E2570 .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007E1000 .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007E10A0 .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007E2510 .text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007E1D10 .text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!send 71A54C27 5 Bytes JMP 007E7250 .text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 007E2160 .text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007E20A0 .text C:\WINDOWS\system32\svchost.exe[1144] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007E23A0 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A46390 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A46640 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A453D0 .text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A45300 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A411C0 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A41290 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A42570 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A41000 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A410A0 .text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A42510 .text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A41D10 .text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A47250 .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A42160 .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A420A0 .text C:\WINDOWS\system32\svchost.exe[1176] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00A423A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 03D26390 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 03D26640 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 03D253D0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 03D25300 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03D211C0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 03D21290 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 03D22570 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 03D21000 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 03D210A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 03D22510 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 03D21D10 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] WS2_32.dll!send 71A54C27 5 Bytes JMP 03D27250 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 03D22160 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 03D220A0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[1212] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 03D223A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1252] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 70, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00216390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 73, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 70, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 71, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F46C .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 72, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 71, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 72, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F4DD .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 70, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00216640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F60B .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 002153D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 71, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 72, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 73, 1E, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00215300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00211D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] WS2_32.dll!send 71A54C27 5 Bytes JMP 00217250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00212160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 002120A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[1304] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 002123A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01846390 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01846640 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 018453D0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01845300 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018411C0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01841290 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01842570 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01841000 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 018410A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01842510 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01841D10 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] WS2_32.dll!send 71A54C27 5 Bytes JMP 01847250 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01842160 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 018420A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1356] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 018423A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] ntdll.dll!DbgBreakPoint 7C90120E 1 Byte [C3] .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 17986390 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 17986640 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 179853D0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 17985300 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] ntdll.dll!DbgUiRemoteBreakin 7C94FFE3 5 Bytes JMP 7C923BB8 C:\WINDOWS\system32\ntdll.dll .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 179811C0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 17981290 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 17982570 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 17981000 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 179810A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 17982510 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 17981D10 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] WS2_32.dll!send 71A54C27 5 Bytes JMP 17987250 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 17982160 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 179820A0 .text C:\Documents and Settings\Administrator\Dane aplikacji\Spotify\Spotify.exe[1384] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 179823A0 .text C:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A56390 .text C:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A56640 .text C:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A553D0 .text C:\WINDOWS\system32\spoolsv.exe[1556] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A55300 .text C:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A511C0 .text C:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A51290 .text C:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A52570 .text C:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A51000 .text C:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A510A0 .text C:\WINDOWS\system32\spoolsv.exe[1556] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A52510 .text C:\WINDOWS\system32\spoolsv.exe[1556] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A51D10 .text C:\WINDOWS\system32\spoolsv.exe[1556] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A57250 .text C:\WINDOWS\system32\spoolsv.exe[1556] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A52160 .text C:\WINDOWS\system32\spoolsv.exe[1556] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A520A0 .text C:\WINDOWS\system32\spoolsv.exe[1556] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00A523A0 .text C:\WINDOWS\System32\SCardSvr.exe[1600] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00786390 .text C:\WINDOWS\System32\SCardSvr.exe[1600] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00786640 .text C:\WINDOWS\System32\SCardSvr.exe[1600] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007853D0 .text C:\WINDOWS\System32\SCardSvr.exe[1600] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00785300 .text C:\WINDOWS\System32\SCardSvr.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007811C0 .text C:\WINDOWS\System32\SCardSvr.exe[1600] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00781290 .text C:\WINDOWS\System32\SCardSvr.exe[1600] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00782570 .text C:\WINDOWS\System32\SCardSvr.exe[1600] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00781000 .text C:\WINDOWS\System32\SCardSvr.exe[1600] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007810A0 .text C:\WINDOWS\System32\SCardSvr.exe[1600] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00782510 .text C:\WINDOWS\System32\SCardSvr.exe[1600] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00781D10 .text C:\WINDOWS\System32\SCardSvr.exe[1600] WS2_32.dll!send 71A54C27 5 Bytes JMP 00787250 .text C:\WINDOWS\System32\SCardSvr.exe[1600] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00782160 .text C:\WINDOWS\System32\SCardSvr.exe[1600] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007820A0 .text C:\WINDOWS\System32\SCardSvr.exe[1600] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007823A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01586390 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01586640 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 015853D0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01585300 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 015811C0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01581290 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01582570 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01581000 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 015810A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01582510 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01581D10 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] WS2_32.dll!send 71A54C27 5 Bytes JMP 01587250 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 01582160 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 015820A0 .text C:\Program Files\ActivIdentity\ActivClient\acevents.exe[1648] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 015823A0 .text C:\Program Files\Messenger\msmsgs.exe[1876] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00EB6390 .text C:\Program Files\Messenger\msmsgs.exe[1876] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00EB6640 .text C:\Program Files\Messenger\msmsgs.exe[1876] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00EB53D0 .text C:\Program Files\Messenger\msmsgs.exe[1876] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00EB5300 .text C:\Program Files\Messenger\msmsgs.exe[1876] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EB11C0 .text C:\Program Files\Messenger\msmsgs.exe[1876] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EB1290 .text C:\Program Files\Messenger\msmsgs.exe[1876] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00EB2570 .text C:\Program Files\Messenger\msmsgs.exe[1876] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00EB1000 .text C:\Program Files\Messenger\msmsgs.exe[1876] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00EB10A0 .text C:\Program Files\Messenger\msmsgs.exe[1876] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00EB2510 .text C:\Program Files\Messenger\msmsgs.exe[1876] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EB1D10 .text C:\Program Files\Messenger\msmsgs.exe[1876] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EB7250 .text C:\Program Files\Messenger\msmsgs.exe[1876] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00EB2160 .text C:\Program Files\Messenger\msmsgs.exe[1876] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00EB20A0 .text C:\Program Files\Messenger\msmsgs.exe[1876] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00EB23A0 .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00A16390 .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00A16640 .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00A153D0 .text C:\WINDOWS\system32\ctfmon.exe[1880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00A15300 .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A111C0 .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A11290 .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00A12570 .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00A11000 .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00A110A0 .text C:\WINDOWS\system32\ctfmon.exe[1880] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00A12510 .text C:\WINDOWS\system32\ctfmon.exe[1880] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00A11D10 .text C:\WINDOWS\system32\ctfmon.exe[1880] WS2_32.dll!send 71A54C27 5 Bytes JMP 00A17250 .text C:\WINDOWS\system32\ctfmon.exe[1880] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00A12160 .text C:\WINDOWS\system32\ctfmon.exe[1880] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 00A120A0 .text C:\WINDOWS\system32\ctfmon.exe[1880] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 00A123A0 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 047A6390 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 047A6640 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 047A53D0 .text C:\WINDOWS\Explorer.EXE[1960] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 047A5300 .text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 047A11C0 .text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 047A1290 .text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 047A2570 .text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 047A1000 .text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 047A10A0 .text C:\WINDOWS\Explorer.EXE[1960] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 047A2510 .text C:\WINDOWS\Explorer.EXE[1960] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 047A2160 .text C:\WINDOWS\Explorer.EXE[1960] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 047A20A0 .text C:\WINDOWS\Explorer.EXE[1960] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 047A23A0 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 047A1D10 .text C:\WINDOWS\Explorer.EXE[1960] WS2_32.dll!send 71A54C27 5 Bytes JMP 047A7250 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Program Files\ActivIdentity\ActivClient\accoca.exe[2424] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Program Files\Java\jre7\bin\jqs.exe[2568] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\WINDOWS\system32\srvany.exe[2584] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00096390 .text C:\WINDOWS\system32\srvany.exe[2584] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00096640 .text C:\WINDOWS\system32\srvany.exe[2584] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000953D0 .text C:\WINDOWS\system32\srvany.exe[2584] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00095300 .text C:\WINDOWS\system32\srvany.exe[2584] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000911C0 .text C:\WINDOWS\system32\srvany.exe[2584] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00091290 .text C:\WINDOWS\system32\srvany.exe[2584] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00092570 .text C:\WINDOWS\system32\srvany.exe[2584] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00091000 .text C:\WINDOWS\system32\srvany.exe[2584] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000910A0 .text C:\WINDOWS\system32\srvany.exe[2584] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00092510 .text C:\WINDOWS\system32\srvany.exe[2584] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00091D10 .text C:\WINDOWS\system32\srvany.exe[2584] WS2_32.dll!send 71A54C27 5 Bytes JMP 00097250 .text C:\WINDOWS\system32\srvany.exe[2584] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00092160 .text C:\WINDOWS\system32\srvany.exe[2584] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000920A0 .text C:\WINDOWS\system32\srvany.exe[2584] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000923A0 .text C:\WINDOWS\KMService.exe[2604] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00156390 .text C:\WINDOWS\KMService.exe[2604] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00156640 .text C:\WINDOWS\KMService.exe[2604] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001553D0 .text C:\WINDOWS\KMService.exe[2604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00155300 .text C:\WINDOWS\KMService.exe[2604] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001511C0 .text C:\WINDOWS\KMService.exe[2604] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00151290 .text C:\WINDOWS\KMService.exe[2604] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00152570 .text C:\WINDOWS\KMService.exe[2604] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00151000 .text C:\WINDOWS\KMService.exe[2604] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001510A0 .text C:\WINDOWS\KMService.exe[2604] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00152510 .text C:\WINDOWS\KMService.exe[2604] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00151D10 .text C:\WINDOWS\KMService.exe[2604] WS2_32.dll!send 71A54C27 5 Bytes JMP 00157250 .text C:\WINDOWS\KMService.exe[2604] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00152160 .text C:\WINDOWS\KMService.exe[2604] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001520A0 .text C:\WINDOWS\KMService.exe[2604] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001523A0 .text C:\Program Files\Intel\AMT\LMS.exe[2620] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Intel\AMT\LMS.exe[2620] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Intel\AMT\LMS.exe[2620] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Intel\AMT\LMS.exe[2620] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Intel\AMT\LMS.exe[2620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Intel\AMT\LMS.exe[2620] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Intel\AMT\LMS.exe[2620] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Intel\AMT\LMS.exe[2620] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Intel\AMT\LMS.exe[2620] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Intel\AMT\LMS.exe[2620] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Intel\AMT\LMS.exe[2620] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Intel\AMT\LMS.exe[2620] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Intel\AMT\LMS.exe[2620] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Program Files\Intel\AMT\LMS.exe[2620] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Program Files\Intel\AMT\LMS.exe[2620] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Program Files\PDF Complete\pdfsvc.exe[2952] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, DC, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 009A6390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, DF, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, DC, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, DD, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B916DD8 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, DE, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, DD, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, DE, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B916E49 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, DC, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 009A6640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B916F77 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 009A53D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, DD, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, DE, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, DF, 97, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009A5300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009A1D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] WS2_32.dll!send 71A54C27 5 Bytes JMP 009A7250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 009A2160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 009A20A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3124] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 009A23A0 .text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\svchost.exe[3144] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\svchost.exe[3144] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\svchost.exe[3144] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\svchost.exe[3144] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\svchost.exe[3144] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\svchost.exe[3144] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\svchost.exe[3144] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, F4, 19, 00] {SUB AH, DH; SBB [EAX], EAX} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 001C6390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, F7, 19, 00] {SUB BH, DH; SBB [EAX], EAX} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, F4, 19, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, F5, 19, 00] {TEST AL, 0xf5; SBB [EAX], EAX} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EFF0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, F6, 19, 00] {TEST AL, 0xf6; SBB [EAX], EAX} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, F5, 19, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, F6, 19, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F061 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, F4, 19, 00] {TEST AL, 0xf4; SBB [EAX], EAX} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 001C6640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F18F .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001C53D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, F5, 19, 00] {SUB CH, DH; SBB [EAX], EAX} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, F6, 19, 00] {SUB DH, DH; SBB [EAX], EAX} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, F7, 19, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001C5300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 001C1D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] WS2_32.dll!send 71A54C27 5 Bytes JMP 001C7250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 001C2160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001C20A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3212] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001C23A0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe[3264] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 04, 79, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007C6390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 07, 79, 00] {SUB [EDI], AL; JNS 0x4} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 04, 79, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 05, 79, 00] {TEST AL, 0x5; JNS 0x4} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B914F00 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 06, 79, 00] {TEST AL, 0x6; JNS 0x4} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 05, 79, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 06, 79, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B914F71 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 04, 79, 00] {TEST AL, 0x4; JNS 0x4} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007C6640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91509F .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007C53D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 05, 79, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 06, 79, 00] {SUB [ESI], AL; JNS 0x4} .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 07, 79, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007C5300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007C1D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] WS2_32.dll!send 71A54C27 5 Bytes JMP 007C7250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 007C2160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 007C20A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3688] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 007C23A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, B8, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00836390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, BB, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, B8, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, B9, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9156B4 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, BA, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, B9, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, BA, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B915725 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, B8, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00836640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B915853 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 008353D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, B9, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, BA, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, BB, 80, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00835300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00831D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] WS2_32.dll!send 71A54C27 5 Bytes JMP 00837250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00832160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 008320A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3772] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 008323A0 .text C:\WINDOWS\System32\svchost.exe[3784] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\System32\svchost.exe[3784] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\System32\svchost.exe[3784] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\System32\svchost.exe[3784] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\System32\svchost.exe[3784] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\System32\svchost.exe[3784] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\System32\svchost.exe[3784] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\System32\svchost.exe[3784] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\System32\svchost.exe[3784] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\System32\svchost.exe[3784] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\System32\svchost.exe[3784] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\System32\svchost.exe[3784] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\System32\svchost.exe[3784] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\System32\svchost.exe[3784] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\System32\svchost.exe[3784] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, D0, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00196390 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, D3, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, D0, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, D1, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90ECCC .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, D2, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, D1, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, D2, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90ED3D .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, D0, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00196640 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90EE6B .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001953D0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, D1, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, D2, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, D3, 16, 00] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00195300 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00191D10 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] WS2_32.dll!send 71A54C27 5 Bytes JMP 00197250 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00192160 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001920A0 .text C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3824] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001923A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 000A2160 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[4060] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 000A23A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Documents and Settings\Administrator\Moje dokumenty\Downloads\b6uzjr5u.exe[5284] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00166390 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00166640 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001653D0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00165300 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001611C0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00161290 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00162570 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00161000 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001610A0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00162510 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] WININET.dll!HttpSendRequestW 6301F73E 5 Bytes JMP 00162160 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] WININET.dll!HttpSendRequestA 6302E822 5 Bytes JMP 001620A0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] WININET.dll!InternetWriteFile 6307665E 5 Bytes JMP 001623A0 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00161D10 .text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[5600] WS2_32.dll!send 71A54C27 5 Bytes JMP 00167250 ---- Registry - GMER 2.1 ---- Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\Administrator\Dane aplikacji\Kflklu.exe ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- Files - GMER 2.1 ---- File C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-Kflklu.reg.dat 161 bytes File C:\Documents and Settings\Administrator\Dane aplikacji\Kflklu.exe 139264 bytes executable ---- EOF - GMER 2.1 ----